JavaScript and Node.js Security: How Are We Doing?
We'll analyze the security status of JavaScript and Node.js, covering vulnerabilities, attacks, mitigation strategies, tools, and best practices. OpenSSF aims to enhance open-source software security and has chosen Node.js as its first project for funding. By the end of our talk, you'll understand the security status of JavaScript and learn how to improve your security practices.
During this presentation, we will analyze the current state of security in the JavaScript and Node.js ecosystem. We will cover a range of topics, including common vulnerabilities, attack vectors, mitigation strategies, security tools and frameworks, and best practices. Additionally, we will discuss the role of OpenSSF, a collaborative initiative that aims to enhance the security of open source software. Node.js has been selected as the first project to receive funding and assistance from OpenSSF's Alpha-Omega initiative, which strives to improve the security of critical open source projects. By the end of this talk, you will have a clearer understanding of the current state of security in JavaScript and how we can improve our security practices.
30-40 mins
- OpenSSF Selects Node.js as Initial Project to Improve Supply Chain Security
- Progress Report – Strengthening Node.js Security
- Node.js Security Best Practices
- NodeJS Security Cheat Sheet