Prototype Pollution Leading to Remote Code Execution in NodeJS

DEFCONConference via YouTube

Overview

Explore a DEF CON 31 conference talk on the security implications of Prototype Pollution vulnerabilities in JavaScript applications, focusing on how they can lead to Remote Code Execution (RCE) in Node.js. Learn how attackers can inject properties into object prototypes to alter program flow, going beyond simple denial-of-service attacks, and how the researchers discovered exploitable gadgets throughout Node.js core code and popular NPM packages. Understand the findings from an extensive analysis of 15 popular Node.js applications that revealed 8 RCE vulnerabilities, and discover how recent Node.js updates are addressing these security concerns. Master the technical details of the detected gadgets and vulnerabilities while gaining insight into the broader implications for JavaScript application security.

Syllabus

DEF CON 31 - Prototype Pollution Leads to Remote Code Execution in NodeJS - Shcherbakov, Balliu

Taught by

DEFCONConference
