Node.js: Successful, exciting... and bears security risks

  • Tuesday, 09 Jun 2015 11:00AM EDT (09 Jun 2015 15:00 UTC)
  • Speaker: Amit Ashbel

Five years after its debut, it seems that Node.js has become the most popular cross-platform runtime environment for server-side applications written in JavaScript.

There is no argument about the power of Node.js. However, as with any coding language or framework, security issues are just around the corner, waiting to be picked up.

In this talk, we discuss new attack techniques against applications built on top of Node.js.

Attacks include:

  • Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
  • Forgot your password? Let's see if we can guess it for you.
  • Business logic attacks. Running malicious code on the machines of all the application's users by exploiting a weak business feature.