JSConfBR - Securing Node.js App, by the community and for the community
  1. Securing Node.js apps, by the community and for the community
  2. Hi, I’m David
  3. Hi, I’m David @ diasdavid
  4. Hi, I’m David @diasdavid
  5. Direct Flight Image
  6. Node Security Project
  7. Security before node
  8. Input Validation, Output Validation, Error Handling, Authentication and Authorization, Session Management, Secure Communications, Secure Resource Access, Segregation of privileges, Secure Storage
  9. You are responsible for what you require()
  10. What has changed?
  11. What has changed? you
  12. http://nodeschool.io
  13. Node Security Project
  14. npm install all the things
  15. npm install fs
  16. npm install socketio
  17. ~/analyzer$ node print.js ./output/output.json
      buffer: 604
      child_process: 2867
      dgram: 836
      dns: 674
      fs: 15036
      http: 12084
      https: 2819
      os: 1311
      readline: 909
      string_decoder: 65
      timers: 230
      tty: 335
      vm: 354
  18. 404
  19. New Process
  20. Resources that you can use today
  21. https://nodesecurity.io/resources
  22. Advisories
  23. npm shrinkwrap
      POST /validate/shrinkwrap
      GET  /validate/:module_name/:version
  24. npm shrinkwrap example
      curl -X POST https://nodesecurity.io/validate/shrinkwrap -d @npm-shrinkwrap.json -H "content-type: application/json"
  25. nsp cli
      $ npm i nsp -g
      $ npm shrinkwrap
      $ nsp shrinkwrap
  26. node goat https://github.com/owasp/nodegoat
  27. Thank you! @daviddias | @LiftSecurity | @nodeSecurity
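Slides 23 to 25 describe posting an npm-shrinkwrap.json to the Node Security Project's validate endpoint (or running `nsp shrinkwrap`) so that every pinned module@version in the dependency tree is checked against the advisory list. The following is an added example, not code from the talk, from nsp or from nodesecurity.io, that shows the same check done locally and offline: it flattens a shrinkwrap tree and matches each dependency against an advisory list. The shrinkwrap document, the module names (`left-widget`, `tiny-parser`) and the advisory entries are constructed for illustration and are not real packages or advisories; the advisory field names (`module`, `vulnerable_versions`, `patched_versions`) are an assumption about a plausible format, and the range parser only handles simple `<`, `<=`, `>`, `>=`, `=` comparators.

```javascript
// Added example (not the talk's or nsp's code): walk an npm-shrinkwrap.json
// dependency tree and match every pinned module@version against a local
// advisory list, which is the check POST /validate/shrinkwrap performed
// server-side. All sample data below is constructed; the module names and
// advisories are hypothetical.

function parseVersion(v) {
  return v.split('.').map(Number);
}

// Three-component numeric comparison: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Minimal range check: a range is a space-separated list of comparators
// such as ">=0.3.0 <0.4.0", all of which must hold.
function satisfies(version, range) {
  return range.split(/\s+/).every((cmp) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(cmp);
    if (!m) throw new Error('unsupported comparator: ' + cmp);
    const c = compareVersions(version, m[2]);
    switch (m[1] || '=') {
      case '<': return c < 0;
      case '<=': return c <= 0;
      case '>': return c > 0;
      case '>=': return c >= 0;
      default: return c === 0;
    }
  });
}

// Flatten the nested shrinkwrap tree into { path, name, version } entries,
// keeping the path so a nested transitive dependency can be located.
function flattenShrinkwrap(node, path = []) {
  const out = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(name);
    out.push({ path: here.join(' > '), name, version: dep.version });
    out.push(...flattenShrinkwrap(dep, here));
  }
  return out;
}

// Return one finding per (dependency, matching advisory) pair.
function validateShrinkwrap(shrinkwrap, advisories) {
  const findings = [];
  for (const dep of flattenShrinkwrap(shrinkwrap)) {
    for (const adv of advisories) {
      if (adv.module === dep.name && satisfies(dep.version, adv.vulnerable_versions)) {
        findings.push({
          path: dep.path,
          version: dep.version,
          title: adv.title,
          patched: adv.patched_versions,
        });
      }
    }
  }
  return findings;
}

// Constructed sample shrinkwrap: tiny-parser appears twice, once nested
// at an old version and once at the top level at a newer one.
const SAMPLE_SHRINKWRAP = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    'left-widget': {
      version: '0.4.2',
      dependencies: {
        'tiny-parser': { version: '1.2.0' },
      },
    },
    'tiny-parser': { version: '2.0.1' },
  },
};

// Constructed advisory list (hypothetical modules, not real advisories).
const SAMPLE_ADVISORIES = [
  { module: 'tiny-parser', title: 'constructed advisory A', vulnerable_versions: '<2.0.0', patched_versions: '>=2.0.0' },
  { module: 'left-widget', title: 'constructed advisory B', vulnerable_versions: '>=0.3.0 <0.4.0', patched_versions: '>=0.4.0' },
];

for (const f of validateShrinkwrap(SAMPLE_SHRINKWRAP, SAMPLE_ADVISORIES)) {
  console.log(`${f.path}@${f.version}: ${f.title} (patched in ${f.patched})`);
}
```

Run with `node` and the only report is the nested `left-widget > tiny-parser@1.2.0`; the top-level `tiny-parser@2.0.1` and `left-widget@0.4.2` fall outside their advisory ranges. This is why the check has to walk the whole shrinkwrap tree rather than only the top-level package.json entries: the responsibility for what you `require()` extends to what your dependencies require.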
