Securing Node.js Apps

$1895 (limited to 35 seats)
  • Choose from one of three intensive 2-day trainings (Monday-Tuesday)
  • Exhibit Hall (Tue-Wed)
  • All On-site Networking Events (Mon-Wed)
  • Lunch Mon-Tue

Note: Does not include access to tutorials on Monday. Standard discounts do not apply.

Adam Baldwin (^Lift Security), Michael Garvin (&yet)
9:00am - 5:00pm Monday, 04/20/2015
9:00am - 5:15pm Tuesday, 04/21/2015
Location: Sierra I

Crafting powerful and delightful software experiences requires a considerable amount of expertise and time, and dealing with security can get in the way of delivering those services to your customers.

We at ^Lift Security understand how people value their data privacy and, at the same time, want their services running flawlessly. Security doesn't have to be painful, annoying, or frustrating. Imagine if security were integrated into your team's dev workflow, removing a lot of unwanted hassle each time you ship an app.

We've designed a training program to help you introduce a security culture into your team, based on our experience working with different companies such as GitHub, npm, Inc., CodeClimate, and more.

This training is a hands-on experience building, exploiting, and fixing the security issues identified by OWASP as the top 10 most common, in the most used Node.js frameworks, templating engines and database drivers.

It is brought to you by a team of highly skilled attackers, developers, and consultants, the industry leader in securing Node.js apps.

We know from our battlefield experience that securing an application is a continual process, and we are here to help you achieve that.


  • Approaches for building securely with both Hapi and Express
  • Authentication, Authorization and Session Management
  • Handling Sensitive Data
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection / Command Injection
  • Directory Traversal
  • Mass Assignment
  • Security Headers
  • Security Misconfiguration
  • Using the Node Security Project to identify known vulnerabilities

What you will learn:

  • Learn about the specific classes of common Node security vulnerabilities.
  • Learn how to find and exploit those vulnerabilities so you can understand how a malicious attacker thinks about your application.
  • Learn how to fix these vulnerabilities, and learn how to incorporate defensive coding practices from the very start as you build your app.
  • Investigate a vulnerable web app, and learn how to tell if an application is vulnerable.
  • Review the source code of an application and determine how to fix its vulnerabilities.


This training is aimed at software engineers who want to get hands-on knowledge of advanced Node.js and web application security topics. You should have some experience coding for the web, and be able to write HTML and JavaScript. This workshop is particularly well suited for people experienced in Node.js who are looking to improve their existing skill set.


Attendees should:

  • Have a basic understanding of Node.js.
  • Have built an app using Express or Hapi.
