Title :
Assessing the security of Node.js platform
Author :
Ojamaa, Andres ; Duuna, K.
Author_Institution :
Inst. of Cybern., Tallinn Univ. of Technol., Tallinn, Estonia
Abstract :
Node.js is a novel event-based network application platform which forces developers to use asynchronous programming interfaces for I/O operations. The native language for developing applications on this platform is JavaScript. Despite its young age the platform has attracted a significant community of developers and gained support from the industry. The Node.js community generally has a strong focus on the scalability of the platform. However, little research has been done on how the platform´s design decisions affect the security of its applications. This paper outlines several possible security pitfalls to be aware of when using Node.js platform and server side JavaScript. We also describe two discovered vulnerabilities and give recommendations for developing and configuring secure and resilient web applications on the Node.js platform.
Keywords :
Internet; Java; security of data; I/O operations; JavaScript platform; Node.js platform security; Web applications; asynchronous programming interfaces; Browsers; Databases; Programming; Runtime; Security; Servers; Web pages; denial of service; information security; server platform security; server side JavaScript security;
Conference_Titel :
Internet Technology And Secured Transactions, 2012 International Conference for
Conference_Location :
London
Print_ISBN :
978-1-4673-5325-0
