Secure Scalable Node.js for Enterprise

About Me

Consultant by profession

Open source contributor by passion

Traveller & Trekker by heart

@niranjan_jan007

Niranjan-J007

Audience Poll

Profession

Security

1. Injection

Tricking an application into including unintended commands in the data sent to an interpreter

Encode all user input before passing it to the interpreter

Always perform ‘white list’ input validation on all user supplied input

2. Authentication

A session ID is used to track state, since HTTP doesn’t, and it is just as good as credentials to an attacker

SESSION ID is typically exposed on the network, in browser, in log

Be sure SSL protects both credentials and session id at all times

Verify that logoff actually destroys the session

3. Cross Site Scripting

Loading the attacked, third-party web application from an unrelated attack site

Don’t include user supplied input in the output page

Use Content Security Policy (CSP)

Poll

Do you use standard NPM?

NodeJS for Enterprise

#  Parameter                    Description
1  Scaling                      How easy it is to scale apps built with this framework?
2  Testing                      How to test the application
3  Configuration                How easy it is to configure the framework
4  Best practices and patterns  Whether the framework provides clear patterns to use
5  Scaffolding                  Using built-in code generators
6  Integration                  Ecosystem of plugins/connectors
7  Monitoring                   How to monitor the application
8  Convention                   Is there a convention to follow
9  Track record                 Who supports it and how well it is maintained

ExpressJS for Enterprise

KrakenJS for Enterprise

Hello World! (ExpressJS)

Hello World! (KrakenJS)

#  Parameter             Description
1  Security              Pre-configured module Lusca provides simple-yet-critical best application security practices
2  Code generators       Automatic code creation with generators that save development time and reduce human error
3  Internationalization  Makes your application support many languages from the ground up
4  Learning curve        Easy learning curve for developers familiar with Express.js
5  Integration           Possible to leverage a rich ecosystem of Express.js/Connect middleware modules with Kraken

Benefits: Security

Security is provided out-of-the-box by the Lusca module.

Lusca is middleware for Express, and it follows OWASP best practices.

Benefits: Code generator

The generator will create a new directory for the application, set up an empty project and download all the necessary dependencies.

Benefits: Internationalization

bundalo for loading localized strings for use by application logic,

engine-munger for controlling the lookup of templates and associated localized strings, and

adaro as the template engine

Benefits: Local NPM

Q & A

Thank You!

Scalable Secure Node.JS

By Niranjan Janardhana
