Ludicrous Session Security

Not too long ago we blogged about our (mis)adventures in finding new vulnerabilities in popular software. We briefly mentioned how cookies and WebStorage come with their own set of security benefits and challenges. By combining them, we envision a session handling solution with ludicrous security properties.

The CVE that wasn't to be

As security researchers we take pride in helping our clients by identifying security issues before they wreak havoc. We usually focus on code developed by our clients, but sometimes we broaden our efforts to include commonly used software such as web browsers. We believe fame (not fortune) awaits us in the form of an assigned CVE if we're able to identify an issue in, say, the WebStorage implementation of Firefox.

XML Signature Wrapping vulnerability in Samlify

NodeJS is rapidly becoming the platform of choice in our clients' projects. One of the advantages of this relatively new platform is the abundance of open source libraries: ‘middleware’ in Node-speak. This is a good thing, of course: it increases speed of development, and we all know that recycling is good for the environment.