How to debug memory leaks in a Node.js application on Heroku
Vladimir
Debugging memory leaks is rarely a piece of cake, especially when they only happen in production. The best way I’ve found to debug memory leaks in a Node.js application on…
Browsing Category
Node.js
10 posts
State of Node.js Security 2017
Don Goodman-Wilson
A wake-up call It will be hard to escape 2017 without a new-found respect for the importance of application security. The Equifax breach, resulting from an exploit of a well-known…
Picking the best JS engine for your Node app’s performance
tl;dr Node.js is evolving right now. The recent Node.js v8 version (not to be mistaken with V8, the JavaScript engine) has just been published. In the meanwhile, the ChakraCore based…
Optimize your Node app by simply upgrading Node.js
tl;dr In January, I published an article on RisingStack’s blog. This article was an introduction to Node.js performance (and in V8 JavaScript Engine in general). Now it is time for…
Behind the Scenes: Building a Dynamic Instrumentation Agent for Node.js
TL;DR Building a dynamic instrumentation agent for Node.js is a complex challenge. At Sqreen, we provide a powerful security tool for development teams using Node.js. You will be able to…
How to prevent NoSQL injections in MongoDB in a Node.js app
The MongoDB Apocalypse cruelly reminded to MongoDB users that security should be a major concerns. But configuration is not the only weak spot in MongoDB’s armor. Here is the second…
MongoDB will not prevent NoSQL injections in your Node.js app
Edit: The follow-up on how to prevent NoSQL injections in MongoDB in a Node.js app can be found here. Tl;dr – Mongo $and Node.js $ne safe Using a NoSQL database…
Identify Tor connections in Node.js with Tor-test
We released a new feature to our web-application protection tool: Sqreen now monitors the user traffic originated from Tor. All security events linked to such connections is highlighted, and particular…
Announcing Node.JS + Python support and a new interface
Paul
What is Sqreen? Sqreen is an automated and continuous security solution for developers. It protects web applications with no source code modification or traffic redirection. Once deployed, the solution provides…
One easy way to inject malicious code in any Node.js application
tl;dr This article describes a method of injecting arbitrary code in Node.js modules. It does not encourage unethical behavior. The chain used to include instances of modules can be tampered to…