Understanding Prototype Pollution w/ Isaac Burton скачать в хорошем качестве

Understanding Prototype Pollution w/ Isaac Burton

/// 🔗 Register for future webcasts, summits, and workshops here - https://blackhillsinfosec.zoom.us/ze/... 🛝 Slides for this webcast –  https://www.blackhillsinfosec.com/wp-... Join us for a beginner-friendly talk on prototype pollution, where we'll explore its impact on web security. Prototype pollution is a vulnerability that affects applications written in JavaScript, and is especially dangerous for JSON based APIs. Imagine you're building a house and someone sneaks in and alters the blueprint, causing unexpected flaws in the structure. Similarly, in the digital world, prototype pollution occurs when attackers can manipulate data structures of web applications, leading to all kinds of vulnerabilities. Join us for this free one-hour Black Hills Information Security (BHIS) webcast with Isaac Burton, where he'll give practical examples and explain how understanding prototype pollution can help developers safeguard their websites against such attacks, and the emerging research that brings new potential for exploitation. Chat with your fellow attendees in the Black Hills Infosec Discord server here:   / discord   -- in the #🔴webcast-live-chat channel. /// Chapters Understanding Prototype Pollution w/ Isaac Burton 0:00 Introduction 0:37 Why are we excited about prototype pollution? 2:43 Testing Web Apps 4:21 APIs and modern apps 5:30 What is a prototype? 6:22 The global prototype 6:56 Prototype pollution 7:52 Deserialization 9:46 Recursion is awesome… 10:18 What if an attacker sends this? 10:42 The global prototype 10:51 What is a prototype? 11:36 Why this is dangerous 12:03 Function can be overwritten too 13:01 JavaScript is weird 13:43 Affected systems 14:23 APIs and Modern Apps (Continued) 15:50 In the browser 19:36 Side note on XSS 20:56 On the server 21:48 Challenges 22:06 Detecting prototype pollution in the browser 22:25 Examples 29:47 Recursion is awesome 30:20 Q&A