  1. Node.js Express Framework Security Issues
    <p>I'm looking for modules that should be added to a Node/Express app that address the general security concerns listed below:</p>
    <ul>
    <li>Injection Vulnerabilities (JavaScript, SQL, Mongo, HTML)</li>
    <li>Session fixation and hijacking</li>
    <li>Cross-Site Vulnerabilities (Scripting, Request Forgery)</li>
    <li>Mass Assignment</li>
    <li><em>insert relevant concern here</em></li>
    </ul>
    <p>Thanks for your help!</p>
    <h2>----------</h2>
    <p>Some resources I've found:</p>
    <blockquote>
    <p>Excellent talk (11/2012): <a href="http://lanyrd.com/2012/asfws/sxzbm/" rel="nofollow noreferrer">http://lanyrd.com/2012/asfws/sxzbm/</a> (see slides)</p>
    <p>ServerFault question (2011-2012): <a href="https://serverfault.com/questions/285123/is-node-js-mature-for-enterprise-security">https://serverfault.com/questions/285123/is-node-js-mature-for-enterprise-security</a></p>
    <p>Blog post on topic (9/2012): <a href="http://codefol.io/posts/29-Why-Rails-and-not-Sinatra-or-Node-js-" rel="nofollow noreferrer">http://codefol.io/posts/29-Why-Rails-and-not-Sinatra-or-Node-js-</a> </p>
    <p>Exploit tester: <a href="https://code.google.com/p/skipfish/" rel="nofollow noreferrer">https://code.google.com/p/skipfish/</a></p>
    <p>Passport Module: <a href="https://github.com/jaredhanson/passport" rel="nofollow noreferrer">https://github.com/jaredhanson/passport</a></p>
    <p>EveryAuth Module: <a href="https://github.com/bnoguchi/everyauth" rel="nofollow noreferrer">https://github.com/bnoguchi/everyauth</a></p>
    </blockquote>
 
