
From OpenJS World 2023: OWASP Top 10 Vulnerabilities in Node.js - Marco Ippolito

Talk from Marco Ippolito, Senior Developer Experience Engineer, NearForm, at OpenJS World 2023 in Bilbao, Spain, September 19-21, 2023.

This presentation covers the OWASP Top 10 security vulnerabilities as they apply to Node.js. Marco explains what OWASP is and how he compiles the Top 10 list. He then walks through the ten vulnerability categories, giving examples of how each could occur in a Node.js application and ways to prevent or remediate it, such as input validation, access control, keeping dependencies up to date, and logging security failures. The talk focuses on the common security issues web developers face and the best practices that avoid vulnerabilities such as injection, cryptographic failures, insecure design, and broken access control.

Main Sections

00:00 Introduction

00:30 What is OWASP?

01:35 Criteria

02:01 10 - Server-Side Request Forgery

04:02 9 - Security Logging and Monitoring Failures

08:05 8 - Software and Data Integrity Failures

11:08 7 - Identification and Authentication Failures

14:37 6 - Vulnerable and Outdated Components

18:04 5 - Security Misconfiguration

20:28 4 - Insecure Design

22:46 3 - Injection

26:21 2 - Cryptographic Failures

28:23 1 - Broken Access Control

31:26 Thank you for listening
