Midwest JS

Yolonda Smith

It’s Coming From Inside The House: An Inside-Out Approach to Nodejs Application Security

Getting application security right often requires that developers have a deeper than average understanding of the security domain. In what other industry is this the case? We don't have to be M.D.s to get a medical diagnosis; we don't have to be auto mechanics to get our cars fixed, yet we in security wag our fingers at "iD10t errors" and build grand mousetraps to catch "so obvious" developer missteps, when they may not know what they need to add, change or remove from their applications to make it "secure" in the first place. Furthermore, patterns to address these issues don't always fit the requirements of the application short or long term, resulting in solutions that only address part of the problem, or worse, are omitted altogether because they are too cumbersome to implement. My answer to this is _spartan–a node application created for developers of node.js applications, not security people. _spartan allows developers to create security policies which address their node app's (whether it be Desktop, Web, Mobile, IoT or API) specific requirements; it installs & configures the modules to match the policy and; it generates the boilerplate code that developers can import directly into their applications.


About

Yolonda Smith is a Lead Infosec Analyst with Target Corporation’s Business Information Security Office (BISO), aligned with the Digital portfolio. In this role, she provides expert security consultancy to developers, business leaders and key stakeholders to ensure that Target’s web and mobile applications are designed, developed and deployed with minimal risk to Target or its guests.