Node.js Security – Old vulnerabilities in new dresses

A session at Application Security Forum - Western Switzerland

Thursday 8th November, 2012

11:25am to 12:15pm (CET)

New technologies are a good thing as they drive innovation. Especially in the web world, innovation is what led to today's popularity of sites like Google, Twitter and Facebook. Regarding security, new technologies also come with the possibility to avoid known security issues already in the design of a technology or, for example, a new programming language. Unfortunately, most of the time security is not a main focus, and therefore known faults are made over and over again. In addition to this, new technologies also tend to invent new vulnerability classes or at least open new ways to exploit known security issues.
In this talk I’ll take as a practical example the Node (Node.js) project, which allows server-side non-blocking JavaScript development. It’s great to have the same language for the frontend as for the backend, as it makes things much easier to connect, and the frontend and backend developers can better understand each other’s work. Many people still think about JavaScript as static *.js files somewhere in a web-accessible directory, which is not security relevant as it’s static. This is simply not the case. In the past there were already a lot of reported security problems in JavaScript, so the question is: Will those problems also affect Node? I will answer this and more questions during the talk, but be assured, we’ll end up with a reverse shell.

About the speaker

Sven Vetsch
