Node Day Summary - Node.js Security in the Enterprise
We just came from Node Day and what an amazing event.
Node Day was hosted by PayPal and brought together many of node's personalities, leaders, core developers, enterprise implementors, early adopters, and of course it would have been impossible to ignore the enthusiastic and engaged audience that numbered 500 strong.
Node.js provides an easy, fast and scalable way to create new web applications, it also brings cost savings and developer joy, with success stories from Uber, Medium, PayPal, Groupon, Walmart, Yahoo and many others, as presented by The Node Firm at Node Day (slides)
Node.js has arrived and is being used with great success in the enterprise.
Presenting at Node Day
Our Team Lead Adam Baldwin was present at Node Day to talk about the security aspects of node.js in the enterprise.
Building on the experience of helping many dev teams improve their security strategy, Adam talked about areas that devs and enterprises could focus on to improve the security of their node applications.
Some important points include:
Historical web app security strategy doesn't need to be thrown out with node. The same technical issues, such as xss, csrf and others present in the OWASP top 10 are prevalent in node web applications and need to be understood by developers.
Availability is an important and often most felt aspect of security. If your app isn't available most people won't care if it's secure.
Linting, test cases, peer review can help guard applications from vulnerabilities slipping out the door.
Each new developer hire is a potential set of vulnerabilities, patch them with education.
Update: The video was just released, you can watch it here.
What have we been working on?
At Lift Security, we strive to build the best resources and help our community grow with a security culture. We know how hard can it be to bring this mind set to development teams that sometimes, are constantly changing or are constantly tfrustrated as security issues being problems, not solutions.
This is why we build our new "Node.js Secure Development Education Series", a complete training for you and your team to get around the majority of the security faults in your Node.js Web Application. Sign up today to reserve your spot at https://liftsecurity.io/training