Guy Podjarny

Title: Writing Secure Node Code


Some of the very things that make JavaScript awesome can also expose it to security risks. This talk will go through some sample security flaws unique to Node’s async nature and surrounding ecosystem (or especially relevant to it). We'll show how these could occur in your own code or in npm dependencies.

The talk will revolve around a sample vulnerable application, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.


Guy Podjarny

Guy Podjarny


Guy Podjarny is a cofounder at focusing on securing open source code. Guy was previously CTO at Akamai and founder of, and worked on the first web app firewall & security static code analyzer. Guy is a frequent conference speaker, the author of ‘Responsive & Fast’, ‘High Performance Images’ and the upcoming ‘Securing Third Party Code’ (via O’Reilly), and the creator of Mobitest.