We’re excited to attend EmpireJS 2018 this month and meet fellow Node.js developers. We plan to network and talk all things application security - which isn't a surprise, since Hailstone is a continuous application security platform! We help development teams who automate their functional tests find vulnerabilities in their code.

So, if you're looking to talk shop, be sure to find us wearing the "Hailstone" t-shirts!

The EmpireJS schedule has a mix of great topics and speakers. There’s a lot happening in the Node.js community right now, and the schedule appropriately captures both the technological and cultural shifts that are occurring.

We noticed that many of the talks connect back to an important security concept or lesson. While most talks do not focus on security explicitly, four really stood out to us. Here they are, in no particular order:


Speaker: Holger Bartel

Time: Thursday, September 20th, 9:30am

What’s it about in one sentence: This talk will show how to truly care about users & improve the user experience at the same time.

Why we’re excited for it: This is a very timely talk. Of course, in a post-GDPR world, developers need to be aware of how app functionality affects user privacy. Ethical design does not seem to be talked about enough, so it’s exciting to see this featured at the conference. Also, this is the only talk at EmpireJS with “security” in the description :-) But in all seriousness, we’re strong believers that great apps are also secure apps. Thank you Holger for kicking off the day with this topic!


Speaker: Ryan Waskiewicz

Time: Thursday, September 20, 10:30am

What’s it about in one sentence: This talk discusses the '12 Factor App', a methodology for building portable and scalable web applications.

Why we’re excited about it: The purpose of the '12 Factor App' methodology is to: "raise awareness of some systemic problems we’ve seen in modern application development, to provide a shared vocabulary for discussing those problems, and to offer a set of broad conceptual solutions to those problems with accompanying terminology."

In our minds, security can be applied to every one of the 12 factors. Generally speaking, factors like codebase, dependencies, and configuration all have clear and important security considerations. For example, the “Dev/Prod Parity” factor can be partially achieved through the use of Helmet.js. Helmet.js enables developers to enforce consistent HTTP header configurations – an important consideration when code is moved from one environment to another.

We’re looking forward to learning more from Ryan, and also seeing how containers make things easier!


Speaker: Meara Charnetzki

Time: Thursday, September 20, 3:15pm

What's it about in one sentence: If you've spent much time writing (or debugging) JavaScript, you've probably come across some quirky behavior, especially in the strange and wonderful ways JavaScript handles math.

Why we’re excited about it: This sounds like a fun talk! JavaScript can be an odd language, and we're hoping Meara shares with us what's really going on behind the scenes within ECMAScript. Just make sure to never use the eval() function when building calculations that include user-supplied input :-)
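
To make the eval() point concrete, here is an added example (not from the talk or from Hailstone's code): a small calculator that accepts only numbers, `+ - * /` and parentheses, so user-supplied text is parsed as data and never executed. The name `safeCalc`, the 200-character limit and the sample inputs are constructed for illustration.

```javascript
// Added example: arithmetic on untrusted input without eval().
function safeCalc(input) {
  if (typeof input !== 'string' || input.length > 200) throw new Error('invalid input');
  const src = input.trim();
  // Tokenizer: only decimal numbers, operators and parentheses are accepted.
  const re = /\s*(?:(\d+(?:\.\d+)?)|([-+*\/()]))/y;
  const tokens = [];
  let pos = 0;
  while (pos < src.length) {
    re.lastIndex = pos;
    const m = re.exec(src);
    if (!m) throw new Error(`unexpected character at position ${pos}`);
    tokens.push(m[1] !== undefined ? Number(m[1]) : m[2]);
    pos = re.lastIndex;
  }
  let i = 0;
  function expr() { // expr := term (('+' | '-') term)*
    let v = term();
    while (tokens[i] === '+' || tokens[i] === '-') {
      v = tokens[i++] === '+' ? v + term() : v - term();
    }
    return v;
  }
  function term() { // term := factor (('*' | '/') factor)*
    let v = factor();
    while (tokens[i] === '*' || tokens[i] === '/') {
      const op = tokens[i++];
      const r = factor();
      if (op === '/' && r === 0) throw new Error('division by zero');
      v = op === '*' ? v * r : v / r;
    }
    return v;
  }
  function factor() { // factor := number | '-' factor | '(' expr ')'
    const t = tokens[i++];
    if (typeof t === 'number') return t;
    if (t === '-') return -factor();
    if (t === '(') {
      const v = expr();
      if (tokens[i++] !== ')') throw new Error('missing )');
      return v;
    }
    throw new Error('unexpected token');
  }
  const result = expr();
  if (i !== tokens.length) throw new Error('trailing input');
  return result;
}
// Constructed inputs: two calculations, then text that eval() would have run as code.
for (const s of ['2 + 3 * (4 - 1)', '0.1 + 0.2', 'process.exit(1)']) {
  try { console.log(s, '=>', safeCalc(s)); } catch (e) { console.log(s, '=> rejected:', e.message); }
}
```

The second sample still shows JavaScript's floating-point behaviour (`0.30000000000000004`); the parser removes code execution, not the math quirks.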


Speaker: Ethan Garofolo

Time: Thursday, September 20, 4pm

What’s it about in one sentence: This talk examines the microservices trend and leverages real-world experience to help you understand what tools you can put into action today.

Why we’re excited about it: Microservices are all the rage, especially in the enterprise. Legacy monolithic applications are being rewritten into microservice architectures, which changes how teams build, test and release code. Security is forced to adapt to this technological and cultural shift – especially since microservices increase the attack surface due to the increased reliance on service-to-service communication over HTTP! While we expect Ethan to raise some important points about microservice design, we’re also excited to learn about the tools he’s using to manage this new complexity.

See you there!

These are only a few examples of the amazing talks at EmpireJS this year. We’d like to give a special shout-out to all presenters and EmpireJS organizers for putting together a great line-up of talks this year! See you on September 20th!

Want a demo of Hailstone?

Hailstone is a continuous application security platform that uses your existing functional tests to find vulnerabilities in your code. We're currently in early access and seeking Design Partners to provide us with feedback.

If you're interested in joining, or seeing a demo, sign up for our mailing list - we'll be in touch shortly!

You can find us on Twitter at @HailstoneSec