Learn real-world cyber security skills from active industry experts in Anaheim. Save $150 thru 12/18.


To attend this webcast, login to your SANS Account or create your Account.

Node.js: Successful, exciting... and bares security risks

  • Tuesday, June 9th, 2015 at 11:00 AM EDT (15:00:00 UTC)
  • Amit Ashbel
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Checkmarx Inc.

You can now attend the webcast using your mobile device!


Five years after its debut, it seems that node.js has become the most popular cross platform runtime environment for server side applications written in JavaScript.

There is no argument about the power of node.js however as with any coding language or framework, security issues are just around the corner waiting to be picked up.

In this talk, we discuss new attack techniques against applications built on top of the Node.js language.

Attacks include:

  • Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
  • Forgot your Password ? - Let's see if we can guess it for you.
  • Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature

Speaker Bio

Amit Ashbel

Amit Ashbel joined Checkmarx From Trusteer (acquired by IBM). He has been with the security community for more than a decade where he has taken on multiple tasks and responsibilities over the years, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and familiarity with emerging threats and the hi-tech security industry.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.