A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

<table class="fixed-width table-group" id="tab4"><tr><td><table class="table"><colgroup><col style="width:12.91em"/><col style="width:11.48em"/></colgroup><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Type of policy </td><td class="align_center"> # Vulnerabilities involved </td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left">① Input filtering</td><td class="align_center"> 31 (42%)</td></tr><tr><td class="align_left">② Output filtering</td><td class="align_center"> 7 (10%)</td></tr><tr><td class="align_left">③ Additional logic</td><td class="align_center"> 12 (16%)</td></tr><tr><td class="align_left">④ Denial-of-Service filtering</td><td class="align_center"> 19 (26%)</td></tr><tr><td class="align_left">⑤ Out of scope</td><td class="align_center"> 4 (5%)</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Summary of the reported vulnerabilities of the Node Security Project and their corresponding type of policy. About 95% are in scope for N<small class="sc">ODE</small>S<small class="sc">ENTRY</small>.</div>

Security and Communication Networks

tab4

Table 4

Table 4: A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries 