
Top Overlooked Security Threats To Node.js Web Applications

Location: Salon 10
Level: Intermediate
Average rating: 4.60 (5 ratings)
Slides: PDF (external link)

Being lightweight and efficient, Node.js is rapidly becoming a platform of choice for building fast, scalable, data-intensive, modern web applications. However, when it is used as a web server, the platform's design choices and the technologies it relies on pose unique security challenges. Building stable and resilient web applications on this platform therefore depends heavily on the programmers themselves.

On the one hand, the impact of several security threats is amplified on the Node.js platform and in server-side JavaScript because of their inherent characteristics. On the other hand, the Node.js community lacks the awareness, experience, and learning resources needed to address such challenges effectively on this relatively young platform.

This presentation illustrates potential security pitfalls with examples and offers recommendations for addressing them effectively. Specifically, we will walk through these areas with examples:

  • How to address DoS, XSS, CSRF, and other OWASP Top 10 attacks
  • What JavaScript features to avoid while writing server-side applications
  • How to configure a secure web server on the Node.js platform
  • Utilizing the OWASP Node.js Goat project as a learning and training resource

Chetan Karande


Chetan has extensive experience in building fast, scalable, and secure web and mobile applications.

At Omgeo, he leads efforts to build a common UI framework that is used across all Omgeo products to ensure a consistent user interface.

He is an active member of the OWASP New York Chapter. He initiated and is leading the open source OWASP Node.js Goat project.



Chetan Karande
03/12/2014 3:11pm PDT