Node.js Application Insecurity - OWASP AppSec California 2015

Explore Node.js application security vulnerabilities and best practices in this OWASP AppSec California 2015 conference talk. Dive into various security categories, including cross-site scripting, code escaping, and query language vulnerabilities. Learn about the importance of prepared statements, proper header usage, and the dangers of eval() functions. Examine GitHub examples, tips for generating secure random numbers, and potential issues with the Buffer class. Gain insights into common pitfalls, such as buffer overflows and allocation problems, to enhance your Node.js application security knowledge.

Intro
Agenda
Not chance
Target audience
What is NoDot
Why NoDot
Frameworks
Categories
Crosssite scripting
escaping code
escape modules
secret section
user input
query language
use prepared statements
portrait protection
false opening
headers
classic
eval
exit method
GitHub example
Tips
Record diversity
Not my test
Random numbers
Random bytes
Pseudorandom
Rocket
Stupid Dancer
Im tutoring area
Openness
Documentation
The problem
Honey success
Buffer class
Buffer
ReadWrite
Buffer Overflow
Watch out allocations
Summary
Conclusion