
Hacking NodeJS applications for fun and profit

Formal Metadata

Title
Hacking NodeJS applications for fun and profit
Subtitle
Testing NodeJS Security
Series Title
Number of Parts
561
Author
License
CC Attribution 2.0 Belgium:
You may use and modify the work or content for any legal purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner they have specified.
Identifiers
Publisher
Release Year
Language

Content Metadata

Subject Area
Genre
Abstract
NodeJS is one of the fastest-growing platforms nowadays, and from a security point of view it is necessary to know all the possibilities that the platform offers to developers. This talk explains some of the most common problems in NodeJS applications and how such vulnerabilities can be exploited using frequently used tools. I will also show the main vulnerabilities we can find and how we can fix them in our applications. These could be the talking points:
- Node.js security packages. I will comment on how to protect Express applications in terms of authentication, logging, middleware and security best practices before putting applications into production.
- How to prevent the OWASP Top 10 in a NodeJS application. On this point I will comment on the OWASP NodeGoat project, which provides an environment for learning the OWASP Top 10 security risks. I will comment on the main risks we can find in NodeJS applications from an attacker's perspective.
- Tools that help to protect our Node applications, such as NodeJSScan, which allows detecting vulnerabilities by following some predefined rules.