Is Node.js Secure?
Briefly exploring the Node.js threat model to draw some opinions on whether Node.js is secure or not.
Articles tagged for: nodejs
Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Understanding and Preventing Prototype Pollution in Node.js
Learn about Prototype Pollution in Node.js: what it is, how it works, and how to prevent it. Includes real-world examples and security best practices for developers.
IDOR Vulnerability: What is it and how to prevent it?
Interestingly enough, the IDOR vulnerability type is found as a CVE more commonly in some languages rather than others. Why is that and how can you prevent it?
Why is it considered a bad practice to write raw SQL commands?
Are we going to settle the debate between raw SQL queries and ORMs once and for all? Let's explore the pros and cons of each approach and find the right balance between control and convenience.
Secure Coding Practices in Node.js Against Path Traversal Vulnerabilities
Path traversal vulnerabilities were discovered in webpack and backstage npm packages. Learn secure coding practices to prevent path traversal attacks in Node.js applications.