Node.js has become more and more, and lots of enterprise and B2C application implement their server with Node.js. It is becoming important to know what are the possible vulnerabilities in your Node.js server. In this talk, I will give some security tips in Node.js. I will show you what code can be vulnerable using built in Node.js functionality, and I will talk about the alternatives. I will also present several packages that can help you find vulnerabilities in your code and in your dependencies much more quickly , and pass your penetration testing much faster. As a developer, after this talk you will be able to write a more secure code in Node.js.