JSConfBR - Securing Node.js App, by the community and for the community
David Dias
1.
Securing Node.js apps, by the community and for the community
2.
Hi, I’m David @diasdavid
6.
Direct Flight Image
9.
Node Security Project
10.
Security before node
11.
Input Validation
Output Validation
Error Handling
Authentication and Authorization
Session Management
Secure Communications
Secure Resource Access
Segregation of privileges
Secure Storage
12.
You are responsible for what you require()
13.
What has changed?
14.
What has changed? you
15.
http://nodeschool.io
16.
Node Security Project
18.
npm install all the things
19.
npm install fs
20.
npm install socketio
21.
~/analyzer$ node print.js
./output/output.json
buffer: 604
child_process: 2867
dgram: 836
dns: 674
fs: 15036
http: 12084
https: 2819
os: 1311
readline: 909
string_decoder: 65
timers: 230
tty: 335
vm: 354
22.
404
24.
New Process
32.
Resources that you can
use today
33.
https://nodesecurity.io/resources
34.
Advisories
35.
npm shrinkwrap
POST /validate/shrinkwrap
GET /validate/:module_name/:version
36.
npm shrinkwrap example
curl -X POST https://nodesecurity.io/validate/shrinkwrap -d @npm-shrinkwrap.json -H "content-type: application/json"
37.
nsp cli
$ npm i nsp -g
$ npm shrinkwrap
$ nsp shrinkwrap
38.
node goat https://github.com/owasp/nodegoat
39.
Thank you! @daviddias | @LiftSecurity | @nodeSecurity