
Node+JS Interactive - October 10-12 - Vancouver, BC

Thursday, October 11 • 3:20pm - 3:50pm
Node.js Applicative DoS Through MongoDB Injection - Vladimir de Turckheim, Sqreen

Applicative Denial of Service is mostly known through Regexp abuse. Most people do not know that applicative DoS can also be triggered through other means. In this talk, we will see how a malicious user can obtain a MongoDB injection and use it to prevent an application from responding.

Intro: Applicative DoS
I. From SQL injections to NoSQL injections
II. Exploiting a NoSQL injection to obtain a DoS
III. Protecting an application from MongoDB applicative DoS

When speaking about security in the Node.js world, most efforts have focused on the choice of packages. However, most security issues do not come from third-party modules but from misuse of them.

This talk aims at showing how fragile an application can be and how one should protect it.

Speakers

Vladimir de Turckheim

Lead Node.js Engineer, Sqreen
Vladimir is an active contributor to the Node.js project, especially in the Security Working Group. He has been leading the ecosystem security initiative in the WG. He has published multiple articles regarding Node.js security and performance. Vladimir works at Sqreen to build...



Thursday October 11, 2018 3:20pm - 3:50pm
West Ballroom B