ASSESSING NODE.JS WEB APPLICATION SECURITY presented at BsidesCa 2017

by Vince Marcovecchio

Summary: This talk covers a number of techniques and tools for performing white-box security assessments of Node.js web applications. We'll review JavaScript language gotchas, dangerous APIs in Node.js and risky modules in npm to watch out for, and how to use linters to automate some of these checks. We'll cover npm dependency management, and the different tools that are available for scanning dependencies for known issues.