Security Assessment of Node.js Platform

  • Andres Ojamaa
  • Karl Düüna
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7671)


Node.js is a novel event-based network application platform which forces developers to use asynchronous programming interfaces for I/O operations. The native language for developing applications on this platform is JavaScript. Despite its young age the platform has attracted a significant community of developers and gained support from the industry. The Node.js community generally has a strong focus on the scalability of the platform but little research has been done on how the platform’s design decisions affect the security of its applications. This paper outlines several possible security pitfalls to be aware of when using Node.js platform and server side JavaScript. We also describe two discovered vulnerabilities and give recommendations for developing and configuring resilient web applications on the Node.js platform.


application security denial of service server platform security server side JavaScript security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andres Ojamaa
    • 1
  • Karl Düüna
    • 2
  1. 1.Institute of CyberneticsTallinn University of TechnologyTallinnEstonia
  2. 2.Tallinn University of TechnologyTallinnEstonia

Personalised recommendations