Security concerns for node.js deployment [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.

Closed 8 years ago.

Improve this question

i am currently having some issues with my current deployment of my node.js at amazon AWS.

i have developed an application for some small company to use.

now that company wants that i will have some kind of WAP (web application firewall).

well, i check at aws markets place and i saw some solutions but they are way to costly for me plus it will be difficult for me to deploy the fire wall since i don't have much knoledge that area.

so i looked into heroku and nodejitsu. i thought maybe i will transfer my application to their service and still use amazon SES (simple email service) and RDS (i am using mysql database). because i saw that nor heroku nor nodejitsu offer mysql.

the real issue here is that i tried searching over the web for information regrading heroku or nodejitsu security. this is the reason that i want to transfer in the first place. why isn't there any information regarding the security of those services in their home page or something?

so are those SAAS are well secured? so i won't need to care about DDOS, sql injections and all that a basic application firewall would have achieved for me?

i hope i made my question clear.

thanks.

Answer 1

so are those SAAS are well secured? so i won't need to care about DDOS, sql injections and all that a basic application firewall would have achieved for me?

There are some kind of security issues, such as SQL injection, that cannot be prevented or fixed by an infrastructure provider. It's completely up to you to make sure that the code you develop is not buggy.

Talking about security in general, it's easy to understand that these major players have all the interest to make their platform as secure as possible. Your question it's extremely generic and it's hard to provide a specific answer.

You may want to check the documentation provided by the providers, such as the Heroku Security page to learn more about their security policy.

Generally speaking, PaaS providers have team of security experts working for them to secure their application and it's likely that they will be able to provide a better level of security compared to a single person managing an entire infrastructure, no matter how good is this person.