How to hack a node app? @ GDG DevFest Ukraine 2017

•

0 gefällt mir•458 views

Thought hacking was hard? It’s not, it’s easy and I’m going to show you how! We’ll investigate a series of hacking stories and break them down step-by-step to see exactly how they did it. By the end you’ll walk away a little bit more scared and a lot more prepared with some great practices you can apply immediately to your own applications.

Technologie

Asim Hussain
@jawache
codecraft.tv
microsoft.com

#1
@jawachePhoto by Kristina Flour on Unsplash

@jawachePhoto by Veri Ivanova on Unsplash

@jawachePhoto by Nolan Issac on Unsplash

On Premise
Hardware
OS
App
IaaS
Hardware
OS
App
PaaS
Hardware
OS
App
@jawache

Google App Engine
Heroku
Amazon Beanstalk
Azure App Services

@jawacheIt's Always Sunny In Philadelphia

'SELECT * FROM COMPANIES WHERE name =' + name;
@jawache

SELECT * FROM COMPANIES WHERE name =;
DROP TABLE "COMPANIES";
--LTD
@jawache

@jawachePhoto by Braydon Anderson on Unsplash

git push
http://0:9200/_shutdown
@jawache

def send_email(request):
try:
recipients = request.GET['to'].split(',')
url = request.GET['url']
proto, server, path, query, frag = urlsplit(url)
if query: path += '?' + query
conn = HTTPConnection(server)
conn.request('GET',path)
resp = conn.getresponse()
...
@jawache

http://0:8000/composer/send_email?
to=orange@nogg&
url=http://127.0.0.1:12345/foo
@jawache

http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo:
@jawache

GET /%0D%0Ahello%0D%0AFoo:
HTTP/1.1
Host: 127.0.0.1:12345
Accept-Encoding: identity
@jawache

GET /
hello
Foo: HTTP/1.1
Host: 127.0.0.1:12345
Accept-Encoding: identity
@jawache

...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A
@jawache

GET /
set key 0 900 4 data
HTTP/1.1
Host: 127.0.0.1:11211
Accept-Encoding: identity
@jawache

DeprecatedInstanceVariableProxy
@jawache

@jawachePhoto by Kelly Sikkema on Unsplash

@jawachePhoto by Jairo Alzate on Unsplash

Stop pretending
Don't assume
Small vulnerability
Don't trust anyone
PaaS
Sanitise
Fix
@jawache

https://www.pluralsight.com/courses/nodejs-security-
express-angular-get-started/
@jawache

Azure App Services
https://aka.ms/azure-app-service-docs
Google App Engine
https://cloud.google.com/appengine/
Heroku
https://heroku.com
Amazon Beanstack
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html
PaaS Platforms

Metasploit
https://www.metasploit.com/
DropTables Company
https://beta.companieshouse.gov.uk/company/10542519
SQLMap
http://sqlmap.org/
How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai
http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
Malicious packages in npm. Here’s what to do - Ivan Akulov
https://iamakulov.com/notes/npm-malicious-packages/
Oscar Bolmsten on Twitter
https://twitter.com/o_cee/status/892306836199800836

npm module sqlstring
https://www.npmjs.com/package/sqlstring
Exploit DB
https://www.exploit-db.com/
Brian Clarke Security Course on Pluralsight
https://www.pluralsight.com/courses/nodejs-security-express-angular-get-started/

Weitere ähnliche Inhalte

Was ist angesagt?

Telco Cloud How operators are using the Cloud to unlock the core network and ...

Alan Quayle

Automated infrastructure allows us to move fast, but moving fast is scary without proper testing. Where to start though? The state of the art in Chef cookbook testing has changed rapidly in the last few years with the introduction of new and improved tools and much of what you’ll find in web searches is often outdated. In this presentation I’ll give an overview of the available tools for testing and techniques to avoid busy work in your testing. We’ll cover cookbook linting, unit testing, and integration testing using Cookstyle, ChefSpec, and Test Kitchen / InSpec. We’ll also cover wiring up your testing in Travis CI to perform full integration tests on every PR.

Testing Like a Pro - Chef Infrastructure Testing

Tim Smith

Integrated security testing public

Morgan Roman

Spring Security 5.1 by Example - Josh Cummings

VMware Tanzu

Hacking title

10connollyc

James jara portafolio

James Jara

Intro to IronWASP

n|u - The Open Security Community

http://fr.droidcon.com/2014/agenda/detail?title=Parse+Worskshop Learn how to focus on creating a great user experience and forget complex infrastructure. Instantly add a powerful core, push notifications, and analytics to your app with Parse. We will take a deep dive at Parse's native SDKs for Android and see how to build an app that scales to millions of users. Speaker: Ali Parr, Parse Head of Mobile Platform Partnerships Engineering, EMEA, Facebook and Parse, based in London. He currently heads up the Parse partnerships program for Facebook in EMEA, as well focusing on new developer acquisition. Ali is focused on building partnerships between Parse and developers across EMEA, through direct contact, public speaking opportunities, and mentoring events. Ali is also a mentor at Techstars in London, and The Family in Paris, providing advice and experience to high-potential startups. Prior to Facebook, Ali was the founder of Infinite Degree, a gaming startup that reached top 10 in Apple App Store across many regions including the US and the UK. Ali holds a Masters degree in Computer Science.

Workshop: building your mobile backend with Parse - Droidcon Paris2014

Paris Android User Group

Owasp API Security top 10 - The need of enterprise solutions for managing API...

Tharindu Edirisinghe

A quantidade frequente de ataques bem sucedidos, fraudes e vazamentos de dados mostram que as empresas estão falhando em manter a segurança de seus sites, aplicações e bases de dados. Embora o "pentest" seja uma técnica muito comum de testar a segurança de um site, hoje temos a disposição um conjunto de ações que podem ser adotadas de forma complementar para testar e corrigir aplicações desde a sua concepção até a produção. amo conversar um pouco sobre as diferenças e vantagens de adotar práticas de testes de segurança, scan, pentest, vulnerability disclosure e bug bounty. Palestra realizada o Meetup OWASP São Paulo, 30/11/2018

Só o Pentest não resolve!

Anchises Moraes

"Indo além do Pentest" / Palestra apresentada na CPBR12 (Fev/2019) Muito se fala hoje em dia do Pentest, que já se tornou uma prática comum quando as empresas precisam testar a segurança de um site ou aplicação. A quantidade frequente de ataques bem sucedidos, resultando em fraudes e vazamentos de dados, mostram entretando que as empresas estão falhando em manter a segurança de seus sites, aplicações e bases de dados. Embora o "pentest" seja uma técnica muito comum de testar a segurança de um site, hoje temos a disposição um conjunto de ações que podem e devem ser adotadas de forma complementar para testar e corrigir aplicações desde a sua concepção até a produção. Vamos conversar um pouco sobre as diferenças e vantagens de adotar práticas de testes de segurança, scan de vulnerabilidades, pentest, políticas de vulnerability disclosure e programas de bug bounty.

Segurança além do Pentest

Anchises Moraes

Alfresco sdk 2.0

Yoshi Aochi

Was ist angesagt? (12)

Telco Cloud How operators are using the Cloud to unlock the core network and ...

Testing Like a Pro - Chef Infrastructure Testing

Integrated security testing public

Spring Security 5.1 by Example - Josh Cummings

Hacking title

James jara portafolio

Intro to IronWASP

Workshop: building your mobile backend with Parse - Droidcon Paris2014

Owasp API Security top 10 - The need of enterprise solutions for managing API...

Só o Pentest não resolve!

Segurança além do Pentest

Alfresco sdk 2.0

Kürzlich hochgeladen

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Architecting Cloud Native Applications

WSO2

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Exploring Multimodal Embeddings with Milvus

Zilliz

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Manulife - Insurer Transformation Award 2024

The Digital Insurer

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

ICT role in 21st century education and its challenges

rafiqahmad00786416

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Kürzlich hochgeladen (20)

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

[BuildWithAI] Introduction to Gemini.pdf

Why Teams call analytics are critical to your entire business

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Architecting Cloud Native Applications

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Exploring Multimodal Embeddings with Milvus

Ransomware_Q4_2023. The report. [EN].pdf

Artificial Intelligence Chap.5 : Uncertainty

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Manulife - Insurer Transformation Award 2024

Cyberprint. Dark Pink Apt Group [EN].pdf

ICT role in 21st century education and its challenges

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

DBX First Quarter 2024 Investor Presentation

AWS Community Day CPH - Three problems of Terraform

How to hack a node app? @ GDG DevFest Ukraine 2017

1. Asim Hussain @jawache codecraft.tv microsoft.com

3. it can happen to you @jawache

4. #1 @jawachePhoto by Kristina Flour on Unsplash

5. @jawachePhoto by Veri Ivanova on Unsplash

7. @jawacheMr Robot

9. @jawache

10. @jawachePhoto by Nolan Issac on Unsplash

11. On Premise Hardware OS App IaaS Hardware OS App PaaS Hardware OS App @jawache

12. Google App Engine Heroku Amazon Beanstalk Azure App Services

13.

14. @jawache

15. @jawacheIt's Always Sunny In Philadelphia

16. #2 @jawache

17. 'SELECT * FROM COMPANIES WHERE name =' + name; @jawache

18. SELECT * FROM COMPANIES WHERE name =; DROP TABLE "COMPANIES"; --LTD @jawache

19. @jawache

20. @jawache

21. @jawachePhoto by Braydon Anderson on Unsplash

22. @jawache

23. @jawache

24. #3 @orange_8361

25. git push http://example.com @jawache

26. git push http://localhost @jawache

27. git push http://0 @jawache

28. git push http://0:9200/_shutdown @jawache

29. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto, server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

30. http://0:8000/composer/send_email? to=orange@nogg& url=http://127.0.0.1:12345/foo @jawache

31. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto, server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

32. rn @jawache

33. %0D%0A @jawache

34. http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo: @jawache

35. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache

36. GET / hello Foo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache

37. ...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A @jawache

38. GET / set key 0 900 4 data HTTP/1.1 Host: 127.0.0.1:11211 Accept-Encoding: identity @jawache

39. GET / set key 0 900 4 data HTTP/1.1 Host: 127.0.0.1:11211 Accept-Encoding: identity @jawache

40. code code @jawache

41. code code @jawache

42. DeprecatedInstanceVariableProxy @jawache

43. @jawache

44.

45. @jawachePhoto by Kelly Sikkema on Unsplash

46. #4 @jawache

47. @jawache

48. @jawache

49.

50. @jawache

51. cross-env vs. crossenv @jawache

52. @jawachePhoto by Jairo Alzate on Unsplash

53. @scope/package-name @jawache

54. Stop pretending Don't assume Small vulnerability Don't trust anyone PaaS Sanitise Fix @jawache

55. https://www.pluralsight.com/courses/nodejs-security- express-angular-get-started/ @jawache

56. Asim Hussain @jawache codecraft.tv microsoft.com

57. Azure App Services https://aka.ms/azure-app-service-docs Google App Engine https://cloud.google.com/appengine/ Heroku https://heroku.com Amazon Beanstack http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html PaaS Platforms

58. Metasploit https://www.metasploit.com/ DropTables Company https://beta.companieshouse.gov.uk/company/10542519 SQLMap http://sqlmap.org/ How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html Malicious packages in npm. Here’s what to do - Ivan Akulov https://iamakulov.com/notes/npm-malicious-packages/ Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836

59. npm module sqlstring https://www.npmjs.com/package/sqlstring Exploit DB https://www.exploit-db.com/ Brian Clarke Security Course on Pluralsight https://www.pluralsight.com/courses/nodejs-security-express-angular-get-started/

How to hack a node app? @ GDG DevFest Ukraine 2017

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (12)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

How to hack a node app? @ GDG DevFest Ukraine 2017