Come visit us at Node Summit SF!
We are excited to be sponsoring Node Summit this coming week! Come visit our booth and learn more about how Intrinsic can protect your Node.js applications from bugs and malicious code. Also come grab an Intrinsic sticker and T-shirt! Our booth is located on the second floor near the staircase.
We will also be giving 3 talks! Learn more below:
The VM Module: Why it’s not a Security Sandbox
Bryan English, Software Engineer at Intrinsic
Day 0 (7/23): 2:15PM — 2:45PM
Location: Level 1, Fisher West
The Node.js documentation states “The vm module is not a security mechanism. Do not use it to run untrusted code.”, but why does it say that? I’ll go over what the module does, and more importantly what it doesn’t do, in an attempt to explain the reasoning behind why `vm` shouldn’t be used for security purposes. There are some valid use-cases for it though, and I’ll go over those too.
Finding and Preventing Bugs in JavaScript Bindings
Deian Stefan, Chief Scientist at Intrinsic
Day 2 (7/25): 12:35PM — 1:00PM
Location: Fisher West
JavaScript prevents developers from introducing entire classes of bugs that plague low-level languages (e.g., buffer overflows, use-after-frees, and memory leaks). Unfortunately, JavaScript also introduces new classes of severe, exploitable flaws that are often less obvious than low-level code bugs. These bugs lie in the runtime system itself, often in the binding layer that bridges JavaScript and C/C++, the low-level languages used to implement the runtime system. In this talk, I will describe several classes of bugs that plague the Node.js binding layer, the µchex framework used to find these bugs, and our approach to making Node.js more secure.
Property Descriptors, Getters/Setters, and Proxies, Oh My!
Thomas Hunter II, Software Engineer at Intrinsic
Day 2 (7/25): 3:05PM — 3:30PM
Location: Fisher West
In this talk we’ll take a look at some advanced features in the JavaScript language, specifically features which have to do with objects and their properties. First we’ll cover Property Descriptors which includes such descriptors as Enumerable, Configurable, and Writable. Under this same umbrella are Getter and Setter descriptors which trigger function calls. Finally we’ll look at Proxies and their Traps, which are functions that are called when an object is used in a particular way (such as For/Of loops or reading the objects keys).
