Guy Podjarny


Title: Writing Secure Node Code

Description:

Some of the very things that make JavaScript awesome can also expose it to security risks. This talk will go through some sample security flaws unique to Node’s async nature and surrounding ecosystem (or especially relevant to it). We'll show how these could occur in your own code or in npm dependencies.

The talk will revolve around a sample vulnerable application, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.

Speaker

Guy Podjarny

@guypod

Guy Podjarny is a cofounder at Snyk.io focusing on securing open source code. Guy was previously CTO at Akamai and founder of Blaze.io, and worked on the first web app firewall & security static code analyzer. Guy is a frequent conference speaker, the author of ‘Responsive & Fast’, ‘High Performance Images’ and the upcoming ‘Securing Third Party Code’ (via O’Reilly), and the creator of Mobitest.