Explore techniques for detecting prototype pollution vulnerabilities at scale in this 38-minute conference talk from NahamCon2021. Learn how to leverage the chromedp package in Go to automate client-side security testing for prototype pollution issues. Discover practical approaches to implement large-scale scanning for this common web application vulnerability, overcoming the challenges of identifying client-side security flaws programmatically. Gain insights into writing efficient Go code to interact with web browsers and analyze JavaScript execution for potential prototype pollution vectors.
Overview
Syllabus
NahamCon2021 - Using Chromedp to Hunt for Prototype Pollution - @TomNomNomDotCom
Taught by
NahamSec
Related Courses
-
Server-Side Prototype Pollution: Detection and Exploitation Techniques - OWASP AppSec Dublin
-
Server Side Prototype Pollution - Blackbox Detection Without The DoS
-
Prototype Pollution Attacks in NodeJS Applications
-
Prototype Pollution Leads to RCE - Gadgets Everywhere
-
Discover Web Application Security Issues using Burp Proxy
-
Using Snyk to Find & Fix Vulnerabilities
