Node+JS Interactive, October 10-12, Vancouver, BC

Thursday, October 11 • 3:20pm - 3:50pm
Node.js Applicative DoS Through MongoDB Injection - Vladimir de Turckheim, Sqreen

Applicative denial of service (DoS) is mostly known through regular-expression abuse. Fewer people know that applicative DoS can also be exploited through other means. In this talk, we will see how a malicious user can obtain a MongoDB injection and use it to prevent an application from responding.

Intro: Applicative DoS
I. From SQL injections to NoSQL injections
II. Exploiting a NoSQL injection to obtain a DoS
III. Protecting an application from MongoDB applicative DoS

When it comes to security in the Node.js world, most effort has gone into the choice of packages. However, most security issues come not from third-party modules themselves but from their misuse.

This talk aims at showing how fragile an application can be and how one should protect it.

Speakers
Vladimir de Turckheim

Software Engineer, Sqreen
V. works as a software engineer at Sqreen where he builds a tool to secure web applications. He used to be a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security...



Thursday October 11, 2018 3:20pm - 3:50pm PDT
West Ballroom B
  Security