Title Analysis of Node.js web application security
Firstname Karl
Lastname Düüna
Type Master
Date 2012-06-10
Abstract The security of a web application depends not only on the implementation of the application itself, but also on the underlying platform and the various technologies it uses. This thesis analyses the security aspects of one relatively new platform: Node.js. Although the thesis focuses on the security aspects of a web application, a large part of it extends to all network applications on the Node.js platform.
The Node.js platform differs from traditional web application platforms in two important ways. Firstly, the platform is event-based and runs its event loop on a single main thread, which forces developers to use asynchronous interfaces for I/O operations. This architecture aims to simplify the creation of large, scalable web applications. The thesis investigates how the architectural choices of Node.js affect the security of applications running on it.
The second important difference is that Node.js applications are written in JavaScript. JavaScript is a dynamic programming language that treats functions as first-class citizens and, among other features, supports modifying and extending objects as well as defining functions at runtime. It is widely used on web pages, where it runs in a sandbox defined by the browser. Using this language on the server side, where a process lives much longer, must remain secure and must serve many clients concurrently, challenges developers and requires some changes to current practices.
This thesis analyses the possible dangers and weaknesses of using the Node.js platform and server-side JavaScript. Example applications are also tested against common Denial of Service attacks. The final chapter of the thesis gives recommendations for writing and configuring secure and stable web applications on the Node.js platform.
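The single-threaded event loop described above is also the root of the simplest Denial of Service against a Node.js application: any synchronous, CPU-bound work in a request handler stalls every other client's callback for as long as it runs. The following is an added example illustrating that point; it is not code from the thesis. It assumes Node.js run as a CommonJS script and measures, with Date.now(), how late a 0 ms timer (standing in for another client's callback) fires while a blocking handler runs, compared with the same amount of work split into slices that yield to the loop with setImmediate.

```javascript
// Added example, not code from the thesis: a synchronous CPU-bound request
// handler stalls the single Node.js event loop for every client, while the
// same work split into slices lets other callbacks run in between.
// Assumes Node.js (CommonJS); timings use Date.now(), so values are in ms.

// Burn CPU synchronously for `ms` milliseconds. Stands in for any blocking
// work a handler might do on attacker-sized input (parsing a huge body,
// a backtracking regular expression, synchronous hashing, fs.*Sync calls).
function burnCpu(ms) {
  const end = Date.now() + ms;
  while (Date.now() < end) { /* spin */ }
}

// The same total work, done in slices of `sliceMs`, yielding to the event
// loop with setImmediate between slices. Resolves when all work is done.
function burnCpuSliced(totalMs, sliceMs) {
  return new Promise((resolve) => {
    let remaining = totalMs;
    const step = () => {
      burnCpu(Math.min(sliceMs, remaining));
      remaining -= sliceMs;
      if (remaining > 0) setImmediate(step); else resolve();
    };
    step();
  });
}

// Run `work` and measure how late a 0 ms timer fires meanwhile. The timer
// stands for any other client's callback queued on the same loop.
// Resolves to { lagMs, workMs }.
function measureLoopLag(work) {
  return new Promise((resolve) => {
    const t0 = Date.now();
    let lagMs;
    setTimeout(() => { lagMs = Date.now() - t0; }, 0);
    Promise.resolve(work()).then(() => {
      const finish = () => resolve({ lagMs, workMs: Date.now() - t0 });
      if (lagMs !== undefined) finish(); else setTimeout(finish, 0);
    });
  });
}

// Compare a blocking handler with a sliced one doing the same CPU work.
// With the defaults, blocking.lagMs is at least 200 (the timer cannot run
// until the spin ends) while sliced.lagMs is only a few ms.
async function compareHandlers(totalMs = 200, sliceMs = 5) {
  const blocking = await measureLoopLag(() => burnCpu(totalMs));
  const sliced = await measureLoopLag(() => burnCpuSliced(totalMs, sliceMs));
  return { blocking, sliced };
}

if (typeof require !== 'undefined' && require.main === module) {
  compareHandlers().then((r) => console.log(JSON.stringify(r)));
}
```

Slicing only bounds the latency each client imposes on the others; it does not reduce the total CPU an attacker can make the server spend. In practice the sliced form is combined with limits on input size and with moving genuinely heavy work out of the event-loop thread (child processes or worker threads), so that no single request can monopolise the loop.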

Supervisor Andres Ojamaa
Curricula IVCM