
Details

At long last! The November OWASP DC Meetup is here! Please join us Wednesday, November 1, for a special talk on Node.js security.

Igor Matlin, Senior Solutions Architect, will walk us through some of the cutting-edge attacks in Node.js. See you then!

Bio: Igor has over 20 years of technical experience in high-tech companies as a software engineer and technical lead. Prior to joining Checkmarx as our Senior Solutions Architect, Igor worked as a Technical Manager at Myriad, a leading mobile software company, and as a Software Engineer and Product Manager at Novarra, acquired by Nokia in 2010. Igor is an appreciated speaker at forums such as ISC2 and OWASP.

Igor received his B.Sc. in Computer Science and Math from Christian Brothers University in Memphis, TN.

Abstract: Node.js is the drive-and-go language, and its popularity is soaring. In only five years after its debut, the language’s framework boasts more than two million downloads a month.

Before accelerating too quickly, it is important to understand the power – and corresponding mishaps – of this language.

In this talk, we demonstrate new attack techniques against applications built on top of the Node.js language.

Attacks include:

Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.

Password exposure attacks. Leveraging the “Forgot My Password” feature of applications in order to reveal the passwords of all the application’s users.

Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature.
