OWASP Melbourne Meetup is a local OWASP Chapter in Melbourne, Australia that runs events on all things application security. I presented to the community about some of the ways you can break Node.js applications, as well as some of the common developer mistakes.
Talk Description
The presentation is aimed at software developers, QA engineers and pen-testers. It will cover the typical JavaScript gotchas, potential server misconfigurations and other attacks that are common in all web application frameworks. The focus of the presentation is to educate developers and testers on security vulnerabilities in web applications with an emphasis on how they apply to a real world example application utilising the hipster stack (mean.io).
The presentation will cover:
- Injection attacks with MongoDB
- XSS becoming harder to mitigate
- Session management with JWT
- Framework/Library hardening
- JavaScript language issues
- Session management
- Code analysis tools