Talk from Marco Ippolito, Senior Developer Experience Engineer, NearForm, at OpenJS World 2023 in Bilbao, Spain, September 19-21, 2023.
This presentation covers the OWASP Top 10 security vulnerabilities in Node.js. Marco explains OWASP and how he compiles the Top 10 list. He then goes through the ten vulnerabilities, providing examples of how they could occur in a Node.js application and ways to prevent or remediate them, such as input validation, access control, updating dependencies, logging failures, and more. The talk focuses on common security issues web developers face and best practices to avoid vulnerabilities like injection, cryptographic failures, insecure design, and broken access control.
00:00 Introduction
00:30 What’s an OWASP?
01:35 Criteria
02:01 10 - Server Side Request Forgery
04:02 9 - Security Logging and Monitoring Failures
08:05 8 - Software Data and Integrity Failures
11:08 7 - Identification and Authentication Failures
14:37 6 - Vulnerable and Outdated Components
18:04 5 - Security Misconfiguration
20:28 4 - Insecure Design
22:46 3 - Injection
26:21 2 - Cryptographic Failures
28:23 1 - Broken Access Control
31:26 Thank you for listening