Community

From OpenJS World 2023: OWASP Top 10 Vulnerabilities in Node.js - Marco Ippolito


Talk from Marco Ippolito, Senior Developer Experience Engineer, NearForm, at OpenJS World 2023 in Bilbao, Spain, September 19-21, 2023.

Talk from Marco Ippolito, Senior Developer Experience Engineer, NearForm, at OpenJS World 2023 in Bilbao, Spain, September 19-21, 2023.

This presentation talks about the OWASP Top 10 security vulnerabilities in Node.js. Marco explains OWASP and how he compiles the Top 10 list. He then goes through the ten vulnerabilities, providing examples of how they could occur in a Node.js application and ways to prevent or remediate them, such as input validation, access control, updating dependencies, logging failures, and more. The talk focused on common security issues web developers face and best practices to avoid vulnerabilities like injection, cryptographic failures, insecure design, and broken access control.

Main Sections

00:00 Introduction 

0:30 What’s an OWASP?

01:35 Criteria

02:01 10 - Server Side Request Forgery 

04:02 9 - Security Logging and Monitoring Failures

08:05 8 - Software Data and Integrity Failures

11:08 7 - Identification and Authentication Failures

14:37 6 - Vulnerable and outdated components 

18:04 5 - Security Misconfiguration

20:28 4 - Insecure Design 

22:46 3 - Injection

26:21 2 - Cryptographic Failures

28:23 1 - Broken Access Control 

31:26 Thank you for listening 

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social