Resources

Books

• CyBok | The Cyber Security Body of Knowledge

Courses

• Stanford | CS 253 Web Security

Presentations

• OWASP | Node.js Security Done Rigth
• OWASP | Patterns in Node Package Vulnerabilities
• CKarande | Top Overlooked Security Threats to Node.js Web Applications

Videos

• FOSDEM | Hacking NodeJS applications for fun and profit
• Commit Conf | Desarrollo seguro en NodeJS OWASP top ten y buenas prácticas en JWT
• Snyking In | Directory traversal vulnerability exploit in the st package
• Snyking In - Regular Expression Denial of Service vulnerability exploit in the ms package
• Devoxx | Switching on DevSecOps
• InfoQ | The Three Faces of DevSecOps
• InfoQ | Securing Serverless – by Breaking in
• Serverlessconf | Serverless Security: What’s Left To Protect
• 🇪🇸 JSDayES 2016 | Que no te peten el Node
• 🇪🇸 JSDayCanarias | ¿Tu servidor con Nodejs es vulnerable?

Blog Posts

• Snyk | What is a backdoor? Let’s build one with Node.js
• Snyk | Why npm lockfiles can be a security blindspot for injecting malicious modules
• We’re under attack! 23+ Node.js security best practices

Other

• The state of open source security report 2019
• OWASP | Cheatsheets
• sbilly/awesome-security | A collection of awesome software, libraries, documents, books, resources and cools stuffs about security
• lirantal/awesome-nodejs-security | Awesome Node.js Security resources
• enaqx/awesome-pentest | A collection of awesome penetration testing resources, tools and other shiny things
• PaulSec/awesome-sec-talks | A collected list of awesome security talks
• hackermovie | 🎬 A curated list of movies every hacker & cyberpunk must watch.
• Snyk | Shifting Docker security left
• Snyk | Snyk CLI Cheat Sheet
• Snyk | NPM 10 npm Security Best Practices
• Snyk | Zip Slip Cheat Sheet
• Snyk | 10 GitHub Security Best Practices