- Description
- Run Service
- Vulnerabilities and attacks
- Articles
- POSTMAN Collection
- Slides - Security in NodeJS
- Slides BDF
- Slides Link: https://slides.com/roman_sachenko/security-in-nodejs-symphony-of-destruction/
There are dozens of mistakes that can easily be made and lead to huge security problems. On the other hand, there are even more ways to break an application, such as DB injections, brute-force attacks, regular expression DoS, memory leaks, and hijacking the require chain, just to name a few. During the presentation, I'll list the most common security problems, talk about the current situation on the web and explain how to deal with safety concerns. What can we do to decrease the level of 'insecurity'? I'll teach the audience to deal with security holes and explain the must-do steps which should be performed before launching a new application.
- Brute-Force Attacks
- Database Injections
- Regular Expression DoS
- Memory Leaks
- Hijacking the require chain
- Rainbow Table attack
- Hash Table Collision attack
- Timing attack
- NodeJS v.20+
- MongoDB
- Siege lib (Linux) https://linux.die.net/man/1/siege (for making concurrent requests)
```sh
npm run start
npm run start:mem-leak-check
```

```sh
# Build and start with Docker Compose
docker-compose up --build
# Or run in background
docker-compose up -d --build
# Stop the application
docker-compose down
```

```sh
npm run attack:brute-force
```

```sh
siege http://localhost:3000/attacks/memory-leak/
```

```js
'take a look to the sky just before you die, its the last time you will'.repeat(100)
```

```sh
npm run exploit:all
# or
node scripts/exploit-all.js
```

```sh
# Brute Force Attack
node scripts/exploit-brute-force.js
# Database Injection
node scripts/exploit-db-injection.js
# ReDoS Attack
node scripts/exploit-redos.js
# Memory Leak
node scripts/exploit-memory-leak.js
# Timing Attack
node scripts/exploit-timing.js
```

```sh
./scripts/exploit.sh
```