Node.js has become more and more, and lots of enterprise and B2C applications implement their servers with Node.js. It is becoming important to know what the possible vulnerabilities in your Node.js server are. In this talk, I will give some security tips regarding Node.js. I will show you what code can be vulnerable using built-in Node.js functionality, and I will talk about the alternatives. I will also present several packages that can help you find vulnerabilities in your code and in your dependencies much more quickly and pass your penetration testing much faster. As a developer, after this talk you will be able to write more secure code in Node.js.