Node.js security is hard to get right.
Even if you keep your dependencies up to date, your application might be pretty vulnerable unless you know what you are doing.
This is because:
1) frameworks are minimalistic and they give you some large room for error.
2) JavaScript is very dynamic, and it is time consuming to validate types... unless you are using something like TypeScript.
3) people tend to use node for orchestration layers/API gateways... and focus their security on the underlying API. But exfiltrating at the orchestration layer is as severe.
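An added illustration of point 2, not code from the original post: the request objects below are constructed to mimic what Express's default query-string parser produces for three different URLs, and `naiveFilter`/`validateLookupParams`/`safeFilter` are hypothetical handler pieces, so no framework is imported and it runs offline.

```javascript
// Constructed: what `req.query` looks like for three query strings after
// Express-style parsing. Only the first matches the assumption that `id`
// is a plain string; the others arrive as an array and as an object.
const REQUESTS = {
  plainString: { query: { id: "42", limit: "10" } },           // ?id=42&limit=10
  arrayValue:  { query: { id: ["42", "43"], limit: "10" } },   // ?id=42&id=43&limit=10
  objectValue: { query: { id: { nested: "x" }, limit: "1e9" } }, // ?id[nested]=x&limit=1e9
};

// The "large room for error": a loosely typed handler that forwards whatever
// arrived straight into a downstream filter. With an array or object in `id`
// the filter is not what the author intended, and an absurd limit is accepted.
function naiveFilter(req) {
  return { id: req.query.id, limit: Number(req.query.limit) };
}

// Explicit validation: check exact runtime types and bounds, not just presence.
// Returns { ok: true, value } or { ok: false, error }.
const ID_PATTERN = /^[0-9]{1,12}$/;
const MAX_LIMIT = 100;

function validateLookupParams(query) {
  const { id, limit } = query;
  if (typeof id !== "string" || !ID_PATTERN.test(id)) {
    return { ok: false, error: "id must be a decimal string" };
  }
  // limit is optional; when present it must be a small positive integer.
  let parsedLimit = MAX_LIMIT;
  if (limit !== undefined) {
    if (typeof limit !== "string" || !/^[0-9]{1,3}$/.test(limit)) {
      return { ok: false, error: "limit must be a 1-3 digit integer" };
    }
    parsedLimit = Number(limit);
    if (parsedLimit < 1 || parsedLimit > MAX_LIMIT) {
      return { ok: false, error: `limit must be 1..${MAX_LIMIT}` };
    }
  }
  return { ok: true, value: { id, limit: parsedLimit } };
}

// Hardened handler: only a validated, exactly typed value reaches the filter;
// anything else is rejected with 400 before it touches the backing API.
function safeFilter(req) {
  const result = validateLookupParams(req.query);
  if (!result.ok) return { status: 400, error: result.error };
  return { status: 200, filter: result.value };
}
```

The same shape check is what a TypeScript type would give you at compile time for internal code, but request input is `unknown` at runtime either way, so the validation step is needed regardless.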