
Node+JS Interactive - October 10-12 - Vancouver, BC

Security
Wednesday, October 10
 

11:00am PDT

Passwords Are Dead, Long Live Passwords! - Alejandro Oviedo
Passwords have been used as the main method of authentication since the WWW was born. Their biggest flaw is that their effectiveness depends on their entropy, and humans are a bad source of entropy. Progress has been made, as multiple factors for authentication are now more and more common. This talk is about the Web Authentication API that is being worked on, how it fits into the current ecosystem of web apps, and why it's important for users.

Speakers

Alejandro Oviedo

Senior Javascript Engineer, Kinsta
Alejandro is a developer who loves learning new things. He is passionate about education, electronics, Open Source, and community-driven events.



Wednesday October 10, 2018 11:00am - 11:30am PDT
West Ballroom B
  Security
 
Thursday, October 11
 

2:00pm PDT

Panel: Building a Secure Ecosystem for Node.js - Moderated by Liran Tal, Nielsen
Over the last year, the Node.js security working group has been working to build trust and make the ecosystem safer through a number of initiatives. During this panel discussion, members of the working group, security researchers, and companies deploying Node.js will discuss some of the key challenges and progress to make the Node.js platform and ecosystem safer. We’ll cover it all including security reporting, internal triaging processes, CVE assignment, and current and future initiatives to strengthen security measures in the ecosystem.

Moderators

Liran Tal

Developer Advocate, Snyk
Known for his open source and JavaScript security initiatives, Liran Tal is an award-winning software developer, security researcher, and community leader in the JavaScript community. He's an internationally recognized GitHub Star, acknowledged for his open source advocacy, and has...

Speakers

Michael Dawson

Node.js Community Lead, IBM
Michael Dawson is an active contributor to the Node.js project and chair of the Node.js Technical Steering Committee (TSC). He contributes to a broad range of community efforts including platform support, build infrastructure, N-API, Release, as well as tools to help the community...

Stephanie Evans

Content Manager for Back-end Web Development, LinkedIn
Stephanie Evans is the Content Manager for Back-end Web Development at LinkedIn Learning/Lynda.com, where she oversees Node.js courses that range from helping developers build their first server to testing, securing, deploying, and maintaining Node apps. She’s worked in education...

Vladimir de Turckheim

Software Engineer, Sqreen
V. works as a software engineer at Sqreen where he builds a tool to secure web applications. He used to be a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security...


Thursday October 11, 2018 2:00pm - 2:30pm PDT
West Ballroom B
  Security

2:40pm PDT

Building a Threat Model & How npm Fits Into It - Adam Baldwin, npm
Who might want to attack your application? If they tried, how would they succeed? Answering these questions is an important exercise that helps you understand how to keep your application secure, so you can sleep at night.

In this talk, Adam will teach you what threat modeling is and how to build threat models for your organization and applications. Because npm is such a critical part of how your developers build JavaScript applications, Adam will show you how npm fits into your threat model and how to use npm's tools to keep your JavaScript secure.

Speakers

Adam Baldwin

Sr. Product Manager, Supply Chain Security, GitHub
Adam Baldwin is a Senior Product Manager focused on supply chain security at GitHub. A security focused leader with over 25 years of experience, Adam has spent his career building companies, breaking into companies, managing teams, designing products, and talking about security non-stop. Previously...


Thursday October 11, 2018 2:40pm - 3:10pm PDT
West Ballroom B
  Security
  • Experience Level Any

3:20pm PDT

Node.js Applicative DoS Through MongoDB Injection - Vladimir de Turckheim, Sqreen
Applicative Denial of Service is mostly known through Regexp abuse. Most people do not know that other applicative DoS can be exploited through diverse means. In this talk, we will see how a malicious user can obtain a MongoDB injection and use it to prevent an application from responding.

Intro: Applicative DoS
I. From SQL injections to NoSQL injections
II. Exploiting a NoSQL injection to obtain a DoS
III. Protecting an application from MongoDB applicative DoS

When speaking about security in the Node.js world, most efforts have been directed at the choice of packages. However, most security issues do not come from third-party modules but from misuse of them.

This talk aims at showing how fragile an application can be and how one should protect it.

Speakers

Vladimir de Turckheim

Software Engineer, Sqreen
V. works as a software engineer at Sqreen where he builds a tool to secure web applications. He used to be a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security...



Thursday October 11, 2018 3:20pm - 3:50pm PDT
West Ballroom B
  Security
 