Kali Linux

NodeSecurityShield : A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

NodeSecurityShield is a Developer and Security Engineer friendly package for Securing NodeJS Applications.

Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls.

We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder.

To achieve this, NSS (Node Security Shield) has Resource Access Policy.

Resource Access Policy (RAP)

Resource Access Policy is similar to CSP(Content Security Policy).

It lets the developer/security engineer declare what resources an application should access. And Node Security Shield will enforce it.

Installation

Install Node Security Shield using npm

npm install nodesecurityshield

Usage

// Require Node Security Shield
let nodeSecurityShield = require(‘nodesecurityshield’);
// Enable Attack Monitoring and/or Blocking
nodeSecurityShield.enableAttackMonitoring(resourceAccessPolicy ,callbackFunction);

Sample resourceAccessPolicy

const resourceAccessPolicy = {
“outBoundRequest” : {
“blockedDomains” : [“.123.com”, “stats.abc.com”, ‘xyz.com’], “allowedDomains” : [“.domdog.io”]
}
};

Sample callbackFunction for Attack Monitoring

var callbackFunction = function (violationEvent) {
console.log(violationEvent);
}

Sample callbackFunction for Attack Blocking

var callbackFunction = function (violationEvent) {
throw new Error(“Request Blocked. It violates declared Resource Access Policy.”)
}

Integrating with Sentry

Sample resourceAccessPolicyto integrate with Sentry

const resourceAccessPolicy = {
“reportUriHosts” : [“ingest.sentry.io”],
“outBoundRequest” : {
“blockedDomains” : [“.123.com”, “stats.abc.com”, ‘xyz.com’], “allowedDomains” : [“.domdog.io”]
}
};

Features

  • Attack Monitoring
    • Outbound Network Calls
  • Attack Blocking
    • Outbound Network Calls
R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

3 hours ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

23 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

1 day ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 day ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 day ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 day ago