Jurnal Sains, Nalar, dan Aplikasi Teknologi Informasi
Vol. 5 No. 1 (2026)

Implementation Layered Mitigation Techniques for Unrestricted File Upload and Server-Side JavaScript Injection

Hasbullah, Salman Akbar
Fauzan, Mohamad Nurkamal
Andarsyah, Roni



Article Info

Publish Date
18 Jan 2026

Abstract

The popularity of Node.js as a server-side application development platform has introduced new security challenges stemming from the dynamic features of JavaScript. Vulnerabilities such as Unrestricted File Upload (UFU) and Server-Side JavaScript Injection (SSJI) often arise from insecure input handling and over-reliance on third-party libraries. This research aims to design, implement, and evaluate a multi-layered security mitigation model for Node.js-based web applications built using the Express.js framework. A constructive research approach was employed, wherein hybrid security middleware was developed to enforce comprehensive validation. This middleware integrates content-based file type validation (magic numbers), file name sanitization to prevent path traversal, and malicious input pattern blocking to mitigate SSJI and prototype pollution. The effectiveness of the model was empirically evaluated within a controlled local testing environment using the Jest testing framework by comparing a vulnerable application against its secured counterpart. Test results demonstrate that the proposed mitigation model successfully blocked 100% of the tested attack scenarios, achieving 100% test code coverage on the core security logic. This research yields a practical solution capable of enhancing the resilience of Node.js applications against common attacks exploiting language-specific features.

Copyrights © 2026






Journal Info

Abbrev

jurnalsnati

Subject

Computer Science & IT

Description

Jurnal SNATi publishes original research articles on various topics related to computer science, information technology, systems engineering, and complementary ...