- 7 Tools to Scan Node.js Application for Security Vulnerability
- Node.js Security Done Right
- Controlling the Node.js security risk of npm dependencies
- We’re under attack! 23+ Node.js security best practices
- Code Assisted Penetration Testing of a NodeJS App
- Nodexp – A Server Side Javascript Injection Tool Capable Of Detecting & Exploiting Node.js Vulnerabilities
- Node.Js Server-Side JavaScript Injection Detection & Exploitation
- An Introduction to Penetration Testing Node.js Applications
- JWT Authentication & Authorization in NodeJs/Express & MongoDB REST APIs (2019)
- NodeJS Application Pentest Tips - Improper URI Handling in Express
- Pen Testing Node.js: Staying N Sync Can Make the Server Go Bye Bye Bye
- Securing Your Node.js App
- Exploiting Node.js deserialization bug for Remote Code Execution
- Celestial — A Node.js Deserialization HackTheBox Walk-through
- Node.Js Deserialization Attack – Detailed Tutorial 2018
- HACKING NODE SERIALIZE REMOTE CODE EXECUTION DONE NICELY
- Code Review of Node.Js Applications: Uncommon Flaws
- Secure coding and penetration testing with Node.js
- Methodology — Secure Code Review for Node.JS Express Apps
- nodejs-security
- awesome-nodejs-security
- nodejs-security-must-know
- Documentation for Essential Node.js Security
- nodebestpractices
- nodexp
--To be Updated--
- NodeGoat Hosted on Heroku - Walkthrough
- OWASP JuiceShop - Walkthrough
- XVNA (eXtremely Vulnerable Node Application)