SlideShare is now on Android. 15 million presentations at your fingertips.  Get the app

×
  • Partagez
  • E-mail
  • Intégrer
  • J'aime
  • Télécharger
  • Contenu privé
 

ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven Vetsch

par on Nov 26, 2012

  • 2,896 vues

New technologies are a good thing as they drive innovation. Especially in the web world, innovation is what lead to todays popularity of Sites like Google, Twitter and Facebook. Regarding security, ...

New technologies are a good thing as they drive innovation. Especially in the web world, innovation is what lead to todays popularity of Sites like Google, Twitter and Facebook. Regarding security, new technologies also come with the possibility to avoid known security issues already in the design of a technology or for example a new programming language. Unfortunately most of the time, security is not a main focus and therefor also known faults are done over and over again. In addition to this, new technologies also tend to invent new vulnerability classes or at least open new ways to exploit known security issues.
In this talk I’ll take as a practical example the Node (Node.js) project which allows server side non-blocking JavaScript development. It’s great to have the same language for the frontend as for the backend as it makes things much easier to connect and also the frontend and backend developers can better understand each others work. Many people still think about JavaScript as static *.js files somewhere in a web accessible directory which is not security relevant as it’s static. This is simply not the case. In the past there where already a lot of reported security problems in JavaScript so the question is: Will those problems also affect Node? I will answer this and more questions during the talk but be assured, we’ll end up with a reverse shell

Statistiques

Vues

Total des vues
2,896
Vues sur SlideShare
2,890
Vues externes
6

Actions

J'aime
6
Téléchargements
31
Commentaires
0

1 intégré 6

http://nodeslide.herokuapp.com 6

Accessibilité

Détails de l'import

Importé via SlideShare au format Adobe PDF

Droits d'utilisation

© Tous droits réservés

Report content

Signalé comme inapproprié Signaler comme inapproprié
Signaler comme inapproprié

Select your reason for flagging this presentation as inappropriate.

Annuler
Poster un commentaire
Modifier votre commentaire

ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven Vetsch ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven Vetsch Presentation Transcript