Node.js – Page 20 – WindowsTechs.com

How to avoid response manipulation in NodeJS Application?

Posted on March 26, 2018 by Vishesh Madhusudhana

I have a NodeJS application on the server. The attacker from the client system already knows how the success response looks like for a request. Thus, next time he steals someone else’s link and sends a request with wrong cred… Continue reading How to avoid response manipulation in NodeJS Application?→

How is security maintained in session and JWT?

Posted on March 15, 2018 by forJ

I have been using Passport.JS session for a long time without really caring about security concern. For next project I thought of replacing session with JWT but security related concerns arise as I research more about JWT.

So if I use JWT… Continue reading How is security maintained in session and JWT?→

How to exploit node.js-based servers? [on hold]

Posted on March 10, 2018 by user172561

My target is a server and I want to exploit an open port which is running a node.js app, what the server does is parses JSON objects that it receives, which means that all data that it receives goes to JSON.parse() function.
… Continue reading How to exploit node.js-based servers? [on hold]→

Is it safe to retrieve GnuPG public/secret key with fs in Node.js?

Posted on March 9, 2018 by Munucial

So there is a Node.js package openpgp which is available for signing documents with GPG, but it requires public/secret key. We all know putting key right into the file is dangerous and not recommend under production and usual… Continue reading Is it safe to retrieve GnuPG public/secret key with fs in Node.js?→

Generate multiple secure unique random codes in Node.js?

Posted on February 15, 2018 by Abhijeet Singh

I am using the below method to generate multiple unique random codes of 14 digits:

var randNum = Math.floor(Math.random() * timestamp * 100);
var number = randNum.toString().substr(0, 14);

Is this method secure for generat… Continue reading Generate multiple secure unique random codes in Node.js?→

How to protect SSL/TLS certificate files allowing access to NodeJs app [duplicate]

Posted on February 9, 2018 by Muhammad Hannan

This question already has an answer here:

How should I store SSL keys on the server?

2 answers

NodeJs app files integrity security check

Posted on February 8, 2018 by Muhammad Hannan

What are the recommended methods or approaches to check NodeJs application (hosted on Linux server) files integrity check for security check?

There are usually huge number of files in node_modules/, so what approach should b… Continue reading NodeJs app files integrity security check→

Firewall vs NAT vs Nginx for Node.js app deployment in Organization [closed]

Posted on February 2, 2018 by Muhammad Hannan

Some Background:

We are recently working with a company to evaluate the web application security built in Node.js (which is communicated by a react.js client side app via API). Remember, that Node.js server will then further… Continue reading Firewall vs NAT vs Nginx for Node.js app deployment in Organization [closed]→

Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug

Posted on January 25, 2018 by Tom Spring

The team behind the popular open-source framework Electron warns a remote code execution flaw could compromise user privacy. Continue reading Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug→

Web Attack: CCTV-DVR Remote Code Execution (Node.js – Swedish string.js URL)

Posted on January 5, 2018 by CPHPython

I have been using node.js and running live-server package in my project for a while with the following command:

node node_modules/live-server/live-server.js . –ignore=\”css/sass\” –open=./ –cors

Which uses the default h… Continue reading Web Attack: CCTV-DVR Remote Code Execution (Node.js – Swedish string.js URL)→