The security of a web application depends not only on the implementation of the application itself, but also on the underlying platform and the various technologies that have been used. This thesis analyses the security aspects of one relatively new platform – Node.js. Although the thesis focuses on the security aspects of web applications, a large part of it can be extended to all network applications on the Node.js platform.
The Node.js platform has two important differences compared to traditional web application platforms. Firstly, the platform is event-based and uses one main thread for its event loop, which forces developers to use asynchronous interfaces for I/O operations. This architecture aims to simplify the creation of large, scalable web applications. The thesis investigates how the architectural choices of Node.js affect the security of applications running on it.