Assessing The Security Of Node.Js Platform

Node.js is a novel event-based network application platform which forces developers to use asynchronous programming interfaces for I/O operations. The native language for developing applications on this platform is JavaScript. Despite its young age the platform has attracted a significant community of developers and gained support from the industry. The Node.js community generally has a strong focus on the scalability of the platform. However, little research has been done on how the platform's design decisions affect the security of its applications. This paper outlines several possible security pitfalls to be aware of when using Node.js platform and server side JavaScript. We also describe two discovered vulnerabilities and give recommendations for developing and configuring secure and resilient web applications on the Node.js platform.