Security Assessment of Node.js Platform

  • Andres Ojamaa
  • Karl Düüna
Conference paper

DOI: 10.1007/978-3-642-35130-3_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7671)
Cite this paper as:
Ojamaa A., Düüna K. (2012) Security Assessment of Node.js Platform. In: Venkatakrishnan V., Goswami D. (eds) Information Systems Security. ICISS 2012. Lecture Notes in Computer Science, vol 7671. Springer, Berlin, Heidelberg


Node.js is a novel event-based network application platform which forces developers to use asynchronous programming interfaces for I/O operations. The native language for developing applications on this platform is JavaScript. Despite its young age the platform has attracted a significant community of developers and gained support from the industry. The Node.js community generally has a strong focus on the scalability of the platform but little research has been done on how the platform’s design decisions affect the security of its applications. This paper outlines several possible security pitfalls to be aware of when using Node.js platform and server side JavaScript. We also describe two discovered vulnerabilities and give recommendations for developing and configuring resilient web applications on the Node.js platform.


application security denial of service server platform security server side JavaScript security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andres Ojamaa
    • 1
  • Karl Düüna
    • 2
  1. 1.Institute of CyberneticsTallinn University of TechnologyTallinnEstonia
  2. 2.Tallinn University of TechnologyTallinnEstonia

Personalised recommendations