With Node.js having become a critical cog at places such as PayPal and Wal-Mart, developers need to be mindful of securing their Node.js applications, technologists are advising.
eval and all the terrible things on the client side still exist on the server side," Stuart said. (The eval function evaluates code represented as a string but poses the risk of running malicious code.)
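The risk described in that parenthetical, shown as an added example that is not from the original article: a server-side parser that passes a request string to eval, next to one that uses JSON.parse and validates the result. The function names, the serverState object and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: parsing a request parameter with eval() versus JSON.parse().
// The function names and the sample inputs are constructed for illustration.

// Stand-in for server state that request data should never be able to touch.
const serverState = { isAdmin: false };

// Unsafe: the string from the client is executed as JavaScript inside the
// server process, with access to everything in scope.
function parseFilterUnsafe(raw) {
  return eval('(' + raw + ')');
}

// Safer: JSON.parse only builds data and never executes code; the result is
// then checked against the shape the handler expects.
function parseFilterSafe(raw) {
  let value;
  try {
    value = JSON.parse(raw);
  } catch (err) {
    return { ok: false, error: 'not valid JSON' };
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { ok: false, error: 'expected an object' };
  }
  if (!Number.isInteger(value.limit) || value.limit < 1 || value.limit > 100) {
    return { ok: false, error: 'limit must be an integer from 1 to 100' };
  }
  return { ok: true, filter: { limit: value.limit } };
}

// Constructed inputs: a well-formed filter, and one that carries an expression.
const benign = '{"limit": 10}';
const codeBearing = '{"limit": (serverState.isAdmin = true, 10)}';

function demo() {
  serverState.isAdmin = false;
  const unsafeResult = parseFilterUnsafe(codeBearing);
  const stateAfterUnsafe = serverState.isAdmin; // flipped by the input
  serverState.isAdmin = false;
  const safeResult = parseFilterSafe(codeBearing);
  const stateAfterSafe = serverState.isAdmin; // untouched
  const benignResult = parseFilterSafe(benign);
  return { unsafeResult, stateAfterUnsafe, safeResult, stateAfterSafe, benignResult };
}

console.log(demo());
```

The eval path returns an ordinary-looking object while the input has already changed server state; the JSON.parse path rejects the same string as invalid JSON before any of it runs.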
The importance of security on Node.js has led to the formation of the Node Security Project, headed by Baldwin, which wants to audit NPMs (Node packaged modules). Developers need to actively address common security issues in their code, using resources such as the OWASP (Open Web Application Security Project) Top 10, which includes cross-site scripting, cross-site request forgery, security misconfiguration, and unvalidated redirects and forwards.
This story, "Node.js is the latest security risk for developers," was originally published by InfoWorld.