Node Security Project - LXJS 2013
Adam Baldwin
1. (title slide) Wednesday, October 2, 13
2. Hi, I’m Adam
3. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
4. Hi, I’m Adam @evilpacket
5. (image-only slide)
6. (image-only slide)
7. (image-only slide)
8. (image-only slide)
9. (image-only slide)
10. Node Security Project
11. Why
12. Things we had control over
    • precommit-hook for linting
    • pull requests for peer review
    • education / values
13. Things we didn’t have control over
    • other people’s code
    • the delivery system (npm)
14. npm install altlhethings
15. npm install fs
16. npm install http
17. npm install socketio
18. 404
19. ~/analyzer$ node print.js ./output/output.json
    buffer: 604
    child_process: 2867
    dgram: 836
    dns: 674
    fs: 15036
    http: 12084
    https: 2819
    os: 1311
    readline: 909
    string_decoder: 65
    timers: 230
    tty: 335
    vm: 354
20. Conclusions
    • Core modules....
    • Punctuation is hard
    • Improve integrity checking
21. (image-only slide)
22. How
23. nodesecurity.io/contributors
24. New Process
25. (image-only slide)
26. (image-only slide)
27. (image-only slide)
28. (image-only slide)
29. (image-only slide)
30. (image-only slide)
31. (image-only slide)
32. child_process.exec
    [pid 31152] execve("/bin/sh", ["/bin/sh", "-c", "ls"]
    child_process.execFile
    [pid 31176] execve("/bin/ls", ["/bin/ls"]
33. (image-only slide)
34. Catalyst for Change
35. Improved Resources
36. Private issues & Pull Requests
37. “I wish @github had private issues and pull requests for open source projects to improve responsible disclosure of security issues! Please RT” j.mp/lxjs-nsp
38. nodeschool.io
39. security.md
40. github.com/nodesecurity
41. </presentation> @adam_baldwin @liftsecurity @nodesecurity @evilpacket