Is Node.js the future of backend development, or just a beautifully wrapped grenade?
Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.
When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.
Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.
Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.
Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.
I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.
So I wonder:
Is this the future? Or am I just… old?
Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?
Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.
Security isn’t just about compliance—it’s about building stronger applications. In this episode, @Marcociappelli and @seanmartin chat with Jim Manico about developer training, @owasp and how security fuels business success. Want to build secure software from the start? Tune in now!
Watch now: https://youtu.be/OJXD_cS1JJM
Listen now: https://brand-stories-podcast.simplecast.com/episodes/turning-developers-into-security-champions-the-business-case-for-secure-development-a-manicode-brand-story-with-jim-manico
Read now: https://www.itspmagazine.com/their-stories/turning-developers-into-security-champions-the-business-case-for-secure-development-a-manicode-brand-story-with-jim-manico
Download the Course Catalog: https://itspm.ag/manicode-x684
If you are thinking of purchasing my new book, Alice and Bob Learn Secure Coding, as a favor to me, please consider buying it on or before February 5th.
https://shehackspurple.ca/books/
#appsec #securecoding
A Bit of Security for Feb 16, 2024
How can we cut down on the number of security defects in code? Let’s take a deep dive into the software development life cycle – the SDLC. Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #Securecoding #SDLC #CleanroomSoftware #BitofSec
https://youtu.be/dKBXvubN_gE
A Bit of Security for February 14, 2024
Why are there security vulnerabilities in code? What can we do about it? Listen to this -
https://youtu.be/gXYOplbLO7w
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #securecoding #codescanning #staticanalysis #BitofSec
"(In)Secure C++" live public online training Aug 8th - 11th (CET)
In this 4-day training I teach how C and C++ applications can be exploited, and how you can find vulnerabilities that can be exploited. Frequently referred to as the "best training I have ever attended" by students.
Sign up, seats are limited. 20% discount on bookings of 2 or more seats, example: 2000€ for one seat, 3200€ for two.
#cpp #securecoding #hacking
https://turtlesec.no/blog/insecure-cpp/
Referenced link: https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://twitter.com/TheHackersNews/status/1598626031782416384#m
What Developers Need to Fight the Battle Against Common Vulnerabilities
Read: https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
OK time for this one!
Hey #Hachyderm I'm Dan Conn and I've been a software developer for just over 10 years, with a strong interest in cybersecurity for just as long.
Professionally I'm interested in #Java, #Python, #SecureCoding #SoftwareSupplyChains, #ThreatModelling, #OSINT4Good #PenTesting #AppSec and #Cryptography
I like to do talks, hack, code, run and also love making music and listening / dancing to it too
Come say hi!