How to Avoid JWT Security Mistakes in Node.js
Learn how to use JSON Web Tokens (JWT) securely in your Node.js applications. I'll cover the basics of JWT and share best practices to avoid common security mistakes.
Half a dozen secure code review comments and none of them mentioned the potential security vulnerability that exists in the code snippet. Let's dive into a Node.js secure code review and see if you can spot the security bug you totally missed.
Even if you follow security best practices and choose bcrypt for password hashing, you can still get it wrong. How does Bun handle it in a more secure fashion? What happened with the Okta bcrypt incident? Let's dive in.
How about a more offensive side of security? Check out a NodeJS path traversal vulnerability scanner.
Briefly exploring core concepts around Node API security with regard to GraphQL and REST API design, with code examples specific to Node.js application servers.
Briefly exploring the Node.js threat model to draw some opinions on whether Node.js is secure or not.
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Learn about Prototype Pollution in Node.js: what it is, how it works, and how to prevent it. Includes real-world examples and security best practices for developers.
Interestingly enough, the IDOR vulnerability type is found as a CVE more commonly in some languages rather than others. Why is that and how can you prevent it?
Are we going to settle the debate between raw SQL queries and ORMs once and for all? Let's explore the pros and cons of each approach and find the right balance between control and convenience.