

This webcast has been archived.

Node.js: Successful, exciting... and bears security risks

  • Tuesday, June 09, 2015 at 11:00 AM EDT (2015-06-09 15:00:00 UTC)
  • Amit Ashbel
  • Checkmarx Inc.




Five years after its debut, it seems that Node.js has become the most popular cross-platform runtime environment for server-side applications written in JavaScript.

There is no argument about the power of Node.js; however, as with any coding language or framework, security issues are just around the corner waiting to be picked up.

In this talk, we discuss new attack techniques against applications built on top of Node.js.

Attacks include:

  • Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
  • Forgot your password? Let's see if we can guess it for you.
  • Business logic attacks. Running malicious code on the machines of all users of the application by exploiting a weak business feature.

Speaker Bio

Amit Ashbel

Amit Ashbel joined Checkmarx from Trusteer (acquired by IBM). He has been with the security community for more than a decade, taking on multiple tasks and responsibilities over the years, including technical and senior product lead positions. Amit adds valuable product knowledge, including experience with a wide range of security platforms and familiarity with emerging threats and the hi-tech security industry.
