Node.js security

October 10, 2019

Webinar title: Node.js security

Presenter: Liran Tal


One of my favourite ways of learning is by actually practicing and building things. What’s a better way of learning about Node.js security pitfalls than by hacking an app and then securing it?

In this session we’ll use OWASP NodeGoat as an educational platform to learn about lurking security vulnerabilities in your Node.js applications and how to fix them.


NodeGoat project on GitHub:

NodeGoat project - Liran Tal’s fork:

ReDoS in JavaScript package ms

ReDoS in Node.js’s core path module

ReDoS in JavaScript and Node.js from the State of Open Source Security report:

Free copy of the Essential Node.js Security book on LeanPub for WOSEC:

YouTube recording of the session