This course provides essential practical knowledge to build secure and resilient Node.js applications. It starts with a brief primer on Node.js fundamentals, related idiosyncrasies, and then flows into exploiting and fixing the most common web application vulnerabilities, identified as the top OWASP 10 risks, and beyond.
Topics covered include:
* Node.js fundamentals * Security implications of JavaScript language constructs and Node.js specific Idiosyncrasies * Building secure REST and GraphQL APIs * Building Authentication with JSON Web Tokens (JWT) * Securing data in transit and at rest * Effective logging strategies for microservices architecture * Eliminating Security Misconfiguration pitfalls * Client-side attacks and mitigations * Common sources of Denial of Service attacks and mitigations * Securing against Components with known vulnerabilities * Preparing for the Production Environment
During the training, participants will gain valuable insights from the security mistakes frequently found in known Node package vulnerabilities. This course includes a balanced combination of essential theory, discussions, and hands-on lab exercises. With the practical knowledge gained during the class, participants can introduce a security culture into their teams and immediately improve the security posture of the Node applications they ship.
Upon completion attendees will learn:
* How a malicious attacker thinks about your application by finding and exploiting these vulnerabilities * The most common web and Node.js specific security vulnerabilities. * How to fix these vulnerabilities and incorporate defensive coding practices to bake in security in your apps from the beginning. * What to look for in the application source code when conducting a code review.
The trainers will provide:
* A copy of the slide deck used during the training * Source code for hands-on labs * Lab handouts with step-by-step instructions to solve the lab exercises * Lab exercises solutions
Attendees should bring:
A laptop with - * Windows/Linux/MacOS with Node.js 8.x or later pre-installed * Visual Studio Code or any other IDE pre-installed * Wifi enabled for network access
Attendees should know:
A beginner level knowledge of the JavaScript language and Node.js is recommended.
Chetan Karande is a security researcher, speaker, and author of Securing Node Applications (O’Reilly). He is the project leader for the OWASP NodeGoat project and contributor to multiple open source projects.
Monday May 27, 2019 9:00am - Tuesday May 28, 2019 5:00pm IDT
11th Floor Room 1128
