Secure your Node.js apps from bugs and malicious code
Get in touch
A smarter way to secure your Node.js apps
Securing your own code is hard—even worse, the vast majority of an average Node.js application is made up of untrusted third-party code that unsafely interacts with your sensitive resources. Intrinsic allows you to run all code (even malicious!) safely.
How it works
Unlike most runtime security solutions, which try to defend against app-level attacks by analyzing or monitoring behavior, Intrinsic protects against attacks by enforcing that your code only executes as expected.
This is the result of years of research to create a new language-specific virtualization technology that is able to enforce fine-grained security policies at runtime.
Protecting your app is simple: include the Intrinsic library, write security policies, and Intrinsic makes sure your app runs safely.
Intrinsic applies the principle of least-privilege to your application and reduces your attack surface dramatically.
Intrinsic protects your sensitive resources against worst case scenarios like code injection attacks and malicious NPM modules.
Intrinsic is just a library and is fully compatible with legacy code. There's no need to modify how you currently deploy and write your code.
Intrinsic for AWS Lambda
Intrinsic secures Lambda functions with just a few lines of code. Specify security policies such as whitelisting HTTP endpoints, restricting access to the file system, and controlling child processes. Intrinsic enforces these polices at runtime, protecting against bugs, exploits, and malicious code.
Intrinsic is built on the shoulders of years of academic research in the fields of security and systems led by parts of its team at Stanford University. Some of our previous work includes DARPA-, DoD-, and Google-funded research and projects like bcrypt, Kademlia, tcpcrypt, Hails and COWL.