The Node.js Highway: Attacks Are At Full Throttle
Node.js is the drive-and-go language and its popularity is soaring. Five years after its debut, the language’s framework boasts more than 2M downloads a month. Before accelerating too quickly, it is important to understand the power – and corresponding mishaps – of this language. In this talk, we demonstrate new attack techniques against applications built on top of the Node.js language. Attacks include:
• Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
• Password exposure attacks. Leveraging the “Forgot My Password” feature of applications in order to reveal the passwords of all the application’s users.
• Business logic attacks. Running malicious code on the machines of all the application’s users by exploiting a weak business feature.
Susan St.Clair, CWAPT
Solution Engineer – Checkmarx
As part of the Checkmarx GTA team, Susan currently works with organizations to help implement secure coding practices as part of their SDLC. She has over 15 years of experience working with application teams in the software industry.
She was previously a product manager and solution engineer with Codiscope, now part of Synopsys.