Node.js: Successful, exciting... and bares security risks

Tuesday, 09 Jun 2015 11:00AM EDT (09 Jun 2015 15:00 UTC)
Speaker: Amit Ashbel

Five years after its debut, it seems that node.js has become the most popular cross platform runtime environment for server side applications written in JavaScript.

There is no argument about the power of node.js however as with any coding language or framework, security issues are just around the corner waiting to be picked up.

In this talk, we discuss new attack techniques against applications built on top of the Node.js language.

Attacks include:

Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
Forgot your Password ? - Let's see if we can guess it for you.
Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature

Login to Register

Related Content

CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg

Aviata Cloud Solo Flight Challenge

Master cloud security by tackling this free series of workshops.

SANS Cloud Security

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

340x340-Homepage_Inclusions_Cloud_Security_Curriculum.jpg

Cloud Agnostic or Devout?

Why Securing Multiple Clouds Using Terraform is Harder Than You Think