Nodejs
Explore 25 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
A simple, secure framework for building scalable applications
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
Cybersecurity project for security monitoring of Node.js applications.
Exhaustive checklist for securing Node.js web services with a focus on error handling and custom error pages.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
A library for validating and accessing environment variables in Node.js programs
Check for known vulnerabilities in your Node.js installation.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
A vulnerable web site in NodeJS for testing security source code analyzers.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Taxii2 server for interacting with taxii services.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
A list of disposable email domains to detect or block disposable accounts
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
A logging proxy tool created in response to the 'MongoDB Apocalypse', with Docker support.
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.