Collaborate Disseminate
I’d like to create a Web-App with Server-Side Template Injection vulnerability in NodeJS. The template used in the Application is EJS with Express-Framework.
Below are the code bits:
index.js (Route)
router.get(‘/page3’, … Continue reading Server Side Template Injection for EJS template in NodeJS
I have created a website using nodejs . And using ssl certificate from sslforfree.com . It is working fine on desktop and i checked it in SSL Checker it is working fine . But in mobile it is showing alert No certificates foun… Continue reading No certificate found alert in nodejs https server in mobile
This is my first time working with JWTs so I decided to ask here on Information Security as I’m very unsure about my approach towards JWT Authentication. I’m currently working on an API that will serve both mobile application and web page … Continue reading Rest API Authentication with JWT
I have a houskeeping script which I invoked using node index.js which got me this output
The error is because you cannot connect to the IP, but why would it try to connect to it in the first place?
A reverse DNS lookup s… Continue reading Invocation of a trusted NodeJS script tries to connect to unkown IP
I have running Node.JS in Task Mgr and my pc get slower by 50%!
Avast Premier didn`t detect that! HELP!
This question already has an answer here:
How to securely hash passwords?
12 answers
I am currently developing a login fo… Continue reading Is this method of hashing passwords good? Node.js [duplicate]
1) I am currently building a RESTful API which acts as a middleman between clients and an authentication server. A client gives me some account details and my server passes them to the auth server who then returns a csrftoken… Continue reading Node.js Cookies/Tokens (Access & Refresh) – OAUTH2 – How to store tokens and time/function refreshing
Are there any free tools capable of detecting dynamically Node.js vulnerabilities (including vulnerability scanners) and what are my paid options (except Burp and Acunetix)?
Continue reading Dynamic analysis on Node.js applications [on hold]
I’ve found a little vulnerability in a web application running on Node.js server.
It works by sending some crafted payload to the application server, which makes the application server code to throw an error and due to lack … Continue reading Does it make sense to consider a triggerable server software crash a DOS attack?
So as the title says I’m just deploying my first ever app in production.
Because I don’t have experience, I was told to ask someone who knows this stuff.
So how should I ensure the best security for my VPS and for my app?