Secure Your Node.js Web Application by Karl Duuna

Identify Code Injection Bugs in Your Code

First, you need to learn how to recognize a potential code injection vulnerability. In this section, we’ll discuss how injection vulnerabilities are introduced into code so that you’ll know what you shouldn’t do.

Code injections target applications where the functionality is created and interpreted during runtime based on user input. This makes finding possible attack points straightforward. In Node.js there are two interpreter functions to look out for: eval and Function. With these a developer can create a function out of string input and execute it at will.

The easiest way to avoid code injection attacks is to simply not create and evaluate code using user-submitted data. But using dynamically created ...
