Node Congress

Node Congress 2023

Web applications face constant threats from DDoS attacks, including the new Zoloris attack that can bring down a server with minimal bandwidth. Node.js has had vulnerabilities in its timeout handling, but recent versions like Node 18 provide better protection. NGINX is recommended for protection against slow loris attacks due to its superior timeout handling. Mitigating slow loris attacks for WebSockets involves enforcing higher timeouts and shutting down idle clients. It is important to prioritize security over performance and use common sense in software development.

<p><span>Web applications are commonly vulnerable to several Distributed Denial of Service attacks, sometimes in unexpected ways. An example is the SlowLoris attack, an exploit that leads to service interruption by simply sending the data to the server as slowest as possible.  In this talk I will tell the tale of how it took almost 13 years for Node to be completely protected by SlowLoris attack. I will also show that sometimes prioritizing performance can lead to incorrect fixes that can result in a false sense of protection.</span> </p>

#react js security