Node Security Project - LXJS 2013
Adam Baldwin
1. Wednesday, October 2, 13
2. Hi, I’m Adam
3. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
4. Hi, I’m Adam @evilpacket
5–9. (no text on these slides)
10. Node Security Project
11. Why
12. Things we had control over
    • precommit-hook for linting
    • pull requests for peer review
    • education / values
13. Things we didn’t have control over
    • other peoples code
    • the delivery system (npm)
14. npm install altlhethings
15. npm install fs
16. npm install http
17. npm install socketio
18. 404
19. ~/analyzer$ node print.js ./output/output.json
    buffer: 604
    child_process: 2867
    dgram: 836
    dns: 674
    fs: 15036
    http: 12084
    https: 2819
    os: 1311
    readline: 909
    string_decoder: 65
    timers: 230
    tty: 335
    vm: 354
20. Conclusions
    • Core modules....
    • Punctuation is hard
    • Improve integrity checking
21. (no text on this slide)
22. How
23. nodesecurity.io/contributors
24. New Process
25–31. (no text on these slides)
32. child_process.exec
    [pid 31152] execve("/bin/sh", ["/bin/sh", "-c", "ls"]
    child_process.execFile
    [pid 31176] execve("/bin/ls", ["/bin/ls"]
33. (no text on this slide)
34. Catalyst for Change
35. Improved Resources
36. Private issues & Pull Requests
37. “I wish @github had private issues and pull requests for open source projects to improve responsible disclosure of security issues! Please RT” j.mp/lxjs-nsp
38. nodeschool.io
39. security.md
40. github.com/nodesecurity
41. </presentation> @adam_baldwin @liftsecurity @nodesecurity @evilpacket