More than 500 Node.js packages get published to npm every day, and security researchers consistently discover and publish vulnerabilities found in these packages. Analysis of these vulnerabilities reveals some valuable insights for Node.js developers and security testers.
Chetan Karande shares the findings from an analysis of over a thousand publicly known Node.js vulnerabilities. With intuitive data visualizations and statistics, Chetan details trends over the last five years, explores common security mistakes made by Node.js package authors, and explains how you can prevent these issues in your own code.
Chetan Karande is a principal software engineer at DTCC, where he focuses on building fast, maintainable, and secure user interfaces. Chetan is a full stack web developer, security researcher, speaker at developer conferences, the author of Securing Node Applications from O’Reilly, and a contributor to multiple open source projects. He is a member of the Open Web Application Security Project (OWASP) organization and a project leader for the OWASP NodeGoat project, an open source learning platform for Node.js security.
©2018, O'Reilly Media, Inc.