CSFV - Issues and Vulnerabilities and Best practices for developing secure NodeJS

The challenge is finished.

Challenge Overview

Project Overview

TopCoder is working on building a community gaming website as part of the Crowd Sourced Formal Verification (CSFV) program.

The Crowd Sourced Formal Verification (CSFV) program seeks to make formal program verification more cost-effective by reducing the skill set required for verification. The approach is to transform verification into a more accessible task by creating a game that reflects the code model, is intuitively understandable, and is fun to play. Completion of the game effectively helps the program verification tool complete the corresponding formal program verification proof.

The goal of this contest is to create an “Issues, Vulnerabilities and Best practices for developing secure NodeJS” document that we will provide to the developers, architects, and reviewers in the contests for developing the website. The purpose is to document all the best practices, make sure we are aware of all the possible vulnerabilities of NodeJS, document all fixes and patches that address them, and compile a list of best practices so that we develop well-structured and secure code.

Requirements

We are going to use NodeJS to develop the gaming website, and we are turning to you to research NodeJS, document what security issues and vulnerabilities exist in NodeJS, and document best practices to avoid each one of them. Here is what you need to address in your submission:

  • http://cwe.mitre.org/top25 You must address the 25 items in this link. This is the definitive list of issues that we want to avoid in NodeJS, and it MUST be included in your submission. We need to find out how each issue can be avoided, or has been avoided or addressed, when developing for NodeJS.
  • For each issue, provide the following :
    • Issue description : you can copy the item description from the above link, but you need to mention that in your submission.
    • Example or pseudo-code for how to replicate the issue
    • Status : whether this has been addressed by official release, or in the official bug list, or it can never occur on NodeJS
    • Best practices/Recommendation for how to avoid the issue
    • Screenshots (if available!)
    • (You can get your answers from published solutions on the internet, but you need to properly mention that in your submission)
  • It MUST be easy for developers and architects to refer to the document during design/development, and easy for reviewers to refer to when reviewing the submissions.

Audience

Developers, architects, and reviewers of the CSFV project in TopCoder community.

What is the maximum length of words or pages for this content?

No restriction

In what format do you want to see the content?

Word document, rtf, HTML, pdf.

Submission format?

All files should be archived as zip and uploaded to Online Review.

Awards

This competition will run as a single-round tournament with a total prize purse of $2,250.

Review Guidelines

The review board will likely be a mix of TC staff and TC members.



Final Submission Guidelines

  • Submission can be any of the following formats : word document, rtf, HTML, pdf
  • The document should be well organized. Each issue should have the following items :
    • Issue description : you can copy the item description from the above link, but you need to mention that in your submission
    • Example or pseudo-code for how to replicate the issue
    • Status : whether this has been addressed by official release, or in the official bug list
    • Best practices/Recommendation for how to avoid the issue
    • Screenshots (if available!)
    • (You can get your answers from published solutions on the internet, but you need to properly mention that in your submission)
  • All files should be archived as zip and uploaded to the Online Review.

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30029078