The Case of the Poisoned Event Handler: Weaknesses in the Node.js Event-Driven Architecture

@inproceedings{Davis2017TheCO,
  title={The Case of the Poisoned Event Handler: Weaknesses in the Node.js Event-Driven Architecture},
  author={James C. Davis and Gregor Kildow and Dongyoon Lee},
  booktitle={EUROSEC},
  year={2017}
}
Node.js has seen rapid adoption in industry and the open-source community. Unfortunately, its event-driven architecture exposes Node.js applications to Event Handler-Poisoning denial of service attacks. Our evaluation of the state of practice in Node.js--- combining a study of 353 publicly reported security vulnerabilities and a survey of 151 representative npm modules --- demonstrates that the community is not equipped to combat this class of attack. We recommend several changes to the state… CONTINUE READING
Related Discussions
This paper has been referenced on Twitter 2 times. VIEW TWEETS

Citations

Publications citing this paper.

References

Publications referenced by this paper.

Similar Papers

Loading similar papers…