Patterns & Constructs for Securing Node.js Web Applications

soul of a nameless bard
8 min read · Nov 1, 2021

Node.js is an open-source, cross-platform JavaScript runtime environment that is built on Chrome’s V8 JavaScript Engine. While popular among developers, Node.js is still vulnerable to many of the same threats that other languages face on the web, and the possibility of an attack still exists. This paper will outline and examine various patterns and constructs that can be used to develop more secure web applications in Node.js, first explaining why each pattern or construct should be used and then how to implement it in the source code.

1. Introduction

Node.js is an open-source, cross-platform JavaScript runtime environment that is built on Chrome’s V8 JavaScript Engine. Since its inception in 2009, Node.js has quickly grown to become one of the most popular runtimes for building web applications. This is because of its many advantages, including speed and performance, flexibility and scalability.

However, Node.js is still vulnerable to many of the same threats that other languages face on the web, and the possibility of an attack still exists. It is now crucial to design and build web applications using widely used and accepted security patterns and constructs that have been shown to mitigate common attacks. Not doing so puts the system and the business that operates it at extreme risk.
