Node Security and Performance Training

September 16th, 2014
Hub Westminster 1st Floor, New Zealand House, 80 Haymarket, London, SW1Y 4TE

One day hands on training about Node.js Security and Performance brought to you in cooperation by YLD! and ^Lift Security. Delivered by Matthew Lowe and Pedro Teixeira, with a little help from David Dias and Adam Baldwin.

Curriculum

In this training, you will have the opportunity to learn about:

performance:

  • Defining and measuring the performance of a Node app
  • Techniques for monitoring
  • Understanding the Event Loop
  • Measuring Event Loop Lag
  • Understanding what the CPU is doing using Dtrace and V8 profiling
  • How Garbage Collection works and impact on performance
  • How to use tools like Heap-dump and MDB to analyze V8 memory
  • Fixing I/O-bound processes
  • Fixing CPU-bound processes
  • Fixing memory-bound processes
  • Techniques to improve performance of hot code paths

security:

  • Approaches for building securely with both Hapi and Express
  • Authentication, Authorization and Session Management
  • Handling Sensitive Data
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection / Command Injection
  • Directory Traversal
  • Mass Assignment
  • Security Headers
  • Security Misconfiguration
  • Using the Node Security Project to identify known vulnerabilities

Schedule

  • 09:00H - Welcoming and face to face meeting, get your computer set up
  • 09:10H - Training Starts
  • 12:30H - Lunch
  • 18:00H - Training Ends

*Try to be at the venue 10 minutes early

Ticket Includes

  • Full day of Training
  • Coffee and Tea Service
  • Lunch

Seats are limited

Tickets

Event map

Additional Information

Meet your Trainers

Matthew Lowe - For over a decade, Matt has worn backend, frontend, and ops hats. His interest in security research gradually wooed him to “the dark side,” but one of his greatest passions is teaching.

Pedro Teixeira - Pedro is a Principal at Yield. Software Architect specialized in computer security, Pedro spends his time working on Node.js applications. He's the author of several commonly used Node.js modules, the Node Tuts screencast, and the Professional Node.js book.

Adam Baldwin - As a longtime leader in the Node community and founder of the Node Security Project, it’s rare that “Node” and “security” get discussed without involving or mentioning Adam Baldwin.

David Dias - Passionate about security, David is one of the leaders of the Node Security Project and the organizer of LxJS.

Luke Bond

Luke Bond - Luke is a Senior Consultant at Yield. A developer with a diverse background, he has most recently been one of the lead Playstation server developers at Sony Computer Entertainment in London, building their next generation, cloud-hosted, online game services platform. Responsible for the introduction of Node.js to the team, he knows how to build responsive, robust, secure and scalable servers that are battle-tested in production.

Who is this for?

This workshop is aimed at software engineers that want to get hands on knowledge in advanced Node.js topics . You should have some experience coding for the web, and be able to write HTML and JavaScript. This workshop is particularly well suited for people experienced in Node.js that want to improve their existing skill-set.

BYOD

Don't forget to bring your laptop, ideally with Node.js installed. Internet is great at the venue, so that should be no problem

Prerequisites

You will get a lot more out of this course if:

  • You have a basic understanding of Node.js.
  • You have or want to build an app using Express or Hapi.

Where

Venue

Links