Udemy Node.js Security: Pentesting and Exploitation Udemy
Price: USD 6,080
  • Duration: Flexible

Course details

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. This new technology is widely getting adopted in various organisations. Like any platform, Node.js has it's on set of features that developers blindly use without much thought on security. The heart of Node is JavaScript, so it inherits most of the issues that are found at client side JavaScript. However on the server side, it executes on V8 JavaScript engine which gives node the capabilities similar to that of any other server side scripting languages. That difference adds some unique attack surface to Node.js platform. Node.js Security: Pentesting & Exploitation course is one it's kind to teach about Node.js Security.

This course is designed in such a way to address both the requirements of a Web Developer as well as a Web Pentester. For a Web Developer, he will get to know about secure coding, what all things can make his code insecure and how to identify security issues in his code. For the Web Security guy, it gives him an idea on how he should go with securing Node.js Application by performing effective Code Review, Implementing Secure Code, Pentesting, Automating the process of Code Review and finally exploiting the vulnerabilities identified.

As a take away, this course will introduce an open source Node.js Security Analysis tool named NodeJsScan, a Node.js Static Analysis Tool that can detect possible security issues, insecure code and outdated libraries. This tool allows you to extend the scan using it's customisable rule set. You can add your own rules on the go to catch security issues.

Finally this course is one of it's kind with hands on demonstration and walkthrough on identifying security issues, exploiting and fixing them.

The course will cover the following thing

Introduction

Node Specific Security Issues

Global Namespace Pollution

HTTP Parameter Pollution (HPP)

eval() is Evil

Remote OS Command Execution

Untrusted User Input

Regex DoS

Information Disclosure

Lack of Secure Code

Code Review

Automated Code Review with NodeJsScan



Updated on 14 November, 2018
Courses you can instantly connect with... Do an online course on Node Js starting now. See all courses