Prototype Pollution Attacks in NodeJS Applications

NorthSec via YouTube

Overview

Explore prototype pollution attacks in NodeJS applications through this informative conference talk. Delve into the concept of prototype pollution, its historical context, and its potential security implications. Learn about APIs that allow prototype pollution and the consequences of such attacks. Discover how an attacker could manipulate base object prototypes with malicious values. Gain insights from security researcher Olivier Arteau as he shares his expertise on this topic. Examine real-world examples, including vulnerabilities in Ghost CMS and Express HBS. Understand the challenges of preventing prototype pollution and strategies for mitigation. Cover key concepts such as constructors, prototypes, merge operations, and immutability. Enhance your knowledge of JavaScript security and improve your ability to identify and protect against prototype pollution vulnerabilities in NodeJS applications.

Syllabus

Introduction
Agenda
Prototypes
Constructor
Proto
Prototype pollution
Merge operation
Merge operation implementation
Clone
Path
Research
Ghost CMS
The biggest problem
The main page
Adding properties
Stop properties
Lazy loading
Template selection
Express HBS
Buzz
Corruption
Immutability

Taught by

NorthSec
