Node Security Project - LXJS 2013

  1. Wednesday, October 2, 13
  2. Hi, I’m Adam
  3. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
  4. Hi, I’m Adam @evilpacket
  10. Node Security Project
  11. Why
  12. Things we had control over
      • precommit-hook for linting
      • pull requests for peer review
      • education / values
  13. Things we didn’t have control over
      • other people’s code
      • the delivery system (npm)
  14. npm install altlhethings
  15. npm install fs
  16. npm install http
  17. npm install socketio
  18. 404
  19. ~/analyzer$ node print.js ./output/output.json
      buffer: 604
      child_process: 2867
      dgram: 836
      dns: 674
      fs: 15036
      http: 12084
      https: 2819
      os: 1311
      readline: 909
      string_decoder: 65
      timers: 230
      tty: 335
      vm: 354
  20. Conclusions
      • Core modules....
      • Punctuation is hard
      • Improve integrity checking
  22. How
  23. nodesecurity.io/contributors
  24. New Process
  32. child_process.exec
      [pid 31152] execve("/bin/sh", ["/bin/sh", "-c", "ls"]
      child_process.execFile
      [pid 31176] execve("/bin/ls", ["/bin/ls"]
  34. Catalyst for Change
  35. Improved Resources
  36. Private issues & Pull Requests
  37. “I wish @github had private issues and pull requests for open source projects to improve responsible disclosure of security issues! Please RT” j.mp/lxjs-nsp
  38. nodeschool.io
  39. security.md
  40. github.com/nodesecurity
  41. </presentation> @adam_baldwin @liftsecurity @nodesecurity @evilpacket
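
The trace on slide 32 shows `child_process.exec` starting `/bin/sh -c` while `child_process.execFile` calls `execve` on the binary directly. The block below is an added example, not code from the talk or from the Node Security Project, that passes the same input through both paths and records what the child actually receives. The helper names, the sample inputs and the use of the running `node` binary as the child are assumptions made for illustration, and it assumes a POSIX host.

```javascript
// Added example, not from the slides. Assumes a POSIX host where /bin/sh exists.
const { execSync, execFileSync } = require('child_process');

// Child program: print the arguments it really received, as one JSON line.
// The running node binary is reused so no other tool has to be installed.
const PRINT_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Split child output into the argv line and anything printed after it.
function parse(output) {
  const lines = output.trim().split('\n');
  return { argv: JSON.parse(lines[0]), extraOutput: lines.slice(1) };
}

// exec-style: one command string is handed to /bin/sh -c, so the shell
// decides where arguments and commands begin and end.
function viaShell(userInput) {
  const cmd = `"${process.execPath}" -e '${PRINT_ARGV}' ${userInput}`;
  return parse(execSync(cmd, { encoding: 'utf8' }));
}

// execFile-style: the binary is executed directly with an argv array,
// so the input stays one literal argument and no shell parses it.
function viaExecFile(userInput) {
  const args = ['-e', PRINT_ARGV, userInput];
  return parse(execFileSync(process.execPath, args, { encoding: 'utf8' }));
}

// Constructed sample inputs: a plain file name, and one containing shell syntax.
const SAMPLES = ['report.txt', 'report.txt; echo second-command-ran'];

// Run every sample through both paths and collect what each child saw.
function compare() {
  return SAMPLES.map((input) => ({
    input,
    shell: viaShell(input),
    execFile: viaExecFile(input),
  }));
}

console.log(JSON.stringify(compare(), null, 2));
```

For the second sample the shell path reports one argument plus an extra line of output from a second command, while the `execFile` path reports the whole string as a single argument.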
