Node Security Project - LXJS 2013
Adam Baldwin
1.
Wednesday, October 2,
13
2.
Hi, I’m Adam
3.
Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
4.
Hi, I’m Adam @evilpacket
10.
Node Security Project
11.
Why
12.
Things we had control over
• precommit-hook for linting
• pull requests for peer review
• education / values
13.
Things we didn’t have control over
• other people's code
• the delivery system (npm)
14.
npm install altlhethings
15.
npm install fs
16.
npm install http
17.
npm install socketio
18.
404
19.
~/analyzer$ node print.js ./output/output.json
buffer: 604
child_process: 2867
dgram: 836
dns: 674
fs: 15036
http: 12084
https: 2819
os: 1311
readline: 909
string_decoder: 65
timers: 230
tty: 335
vm: 354
20.
Conclusions
• Core modules....
• Punctuation is hard
• Improve integrity checking
22.
How
23.
nodesecurity.io/contributors
24.
New Process
32.
child_process.exec
[pid 31152] execve("/bin/sh", ["/bin/sh", "-c", "ls"]
child_process.execFile
[pid 31176] execve("/bin/ls", ["/bin/ls"]
34.
Catalyst for Change
35.
Improved Resources
36.
Private issues & Pull Requests
37.
“I wish @github had private issues and pull requests for open source projects to improve responsible disclosure of security issues! Please RT” j.mp/lxjs-nsp
38.
nodeschool.io
39.
security.md
40.
github.com/nodesecurity
41.
</presentation> @adam_baldwin @liftsecurity @nodesecurity @evilpacket