JavaScript and Node.js Security – The Common Pitfalls

Guy Podjarny

JavaScript and Node.js have shown themselves to be amazing platforms. Their sheer ease of use has empowered an entire community of creative individuals to build amazing things. As in all cases, however, amongst the goodness lurk some risks. Nobody's perfect, including Node.js and JavaScript, and a language's strength can quickly translate into its vulnerability when viewed through an evil (or paranoid) lens.

I’ve given many talks about JavaScript security, looking to do my share in raising awareness and to keep our applications safer. Of those, my talk from the wonderful JSKongress went especially well. Check out the following edited-down version that is a great way to learn about the most common JS security pitfalls while enjoying a 20-minute live hacking session!

Want to know more?

I hope you enjoyed the video! You can also check if your applications have known vulnerabilities by using Snyk on your project to test your dependencies. Sign up to test your code here.
