October 10, 2019
Webinar title: Node.js security
Presenter: Liran Tal
Description:
One of my favourite ways of learning is by actually practicing and building things. What’s a better way of learning about Node.js security pitfalls than by hacking an app and then securing it?
In this session we’ll use OWASP NodeGoat as an educational platform to learn about lurking security vulnerabilities in your Node.js applications and how to fix them.
References:
NodeGoat project on GitHub: https://github.com/OWASP/NodeGoat
NodeGoat project - Liran Tal’s fork: https://github.com/lirantal/NodeGoat
ReDoS in JavaScript package ms: https://snyk.io/vuln/search?type=npm&q=ms
ReDoS in Node.js’s core path module: https://nodejs.org/ru/blog/vulnerability/march-2018-security-releases/
ReDoS in JavaScript and Node.js from the State of Open Source Security report: https://snyk.io/blog/redos-vulnerabilities-in-npm-spikes-by-143-and-xss-continues-to-grow/
Free copy of the Essential Node.js Security book on LeanPub for WOSEC: https://leanpub.com/nodejssecurity/c/wosecindia
YouTube recording of the session