The security vulnerability of serving images via a route as opposed to static middleware in Node.js
The most upvoted Reddit answer to a question about serving images via a route in Express.js is a security vulnerability waiting to happen.
Articles tagged for: security
JS Security Concepts for JavaScript Developers
Enhance your development workflow with JavaScript security best practices. Learn about Content Security Policy (CSP) in Nuxt.js, avoiding `eval` and `new Function` with untrusted input, secure DOM manipulation, cookie security, and third-party integration.
To IDOR or Not to IDOR: Insecure Direct Object Reference in JavaScript Applications Explained
Can you spot an Insecure Direct Object Reference (IDOR) vulnerability in your JavaScript application? Learn what IDOR is, how it can be exploited, and how to prevent it in your code.
npm vulnerabilities: reviewing the security of your dependencies
Learn about recent npm vulnerabilities in popular npm packages and how to protect your applications from security reports disclosed in 2024.
Disclosing code injection vulnerabilities in safe-eval-2 npm package
A project fork is not without risks, and this time it's the safe-eval-2 npm package that is vulnerable to code injection attacks.
Introducing Node.js Security Permissions Model, Threat Model, and Security Releases
Learn how to secure your Node.js applications with the new Permissions Model, stay informed about security releases, and understand the Node.js Security Threat.