SlideShare una empresa de Scribd logo

Node Day - Node.js Security in the Enterprise

Adam Baldwin
Adam Baldwin

Adam Baldwin talks about Node.js security in the enterprise for Node Day 2014 hosted at PayPal

Tecnología
1 de 34
Descargar para leer sin conexión
Node.js Security in the Enterprise
Hi, I’m Adam
Node Security Project
@adam_baldwin @liftsecurity @nodesecurity @evilpacket
Node.js Security in the Enterprise
Enterprise Security in 3 min Protect what makes you money Availability is security Measure & Iterate It's not about the vulnerability You will screw it up anyway
What this talk is about Being informed & Prepared ! The node security landscape ! It's all node's fault
Communication
Understand what the enterprise cares about, then do better.
The enterprise should understand you and do better.
Gathering Intel
nodejs-sec announcements https://groups.google.com/forum/#!forum/nodejs-sec
Node Security Project
Advisories
Understanding the node.js security landscape
The Enterprise is responsible for what you require()
Technical Controls
Linting npm install precommit-hook
Test Cases You do this right?
npm shrinkwrap POST /validate/shrinkwrap GET /validate/:module_name/:version
npm shrinkwrap example curl -X POST https://nodesecurity.io/ validate/shrinkwrap -d @npmshrinkwrap.json -H "content-type: application/json"
retire.js Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. http://bekk.github.io/retire.js/
What is the greatest vulnerability that you have in the enterprise?
Is it one of the .... OWASP Top 10?
Every Developer on your team.
Peer Review
Peer Review
Peer Review
Peer Review
Blame Node. It's just how we do things.™
</PRESENTATION> @adam_baldwin | @LiftSecurity

Recomendados

Nodejs Security
Nodejs SecurityNodejs Security
Nodejs Security
Jason Ross
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015
Adam Baldwin
 
Node.JS security
Node.JS securityNode.JS security
Node.JS security
Deepu S Nath
 
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threatBasic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Vladyslav Radetsky
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Vladyslav Radetsky
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
 
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?
Franziska Buehler
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 

Recomendados

Nodejs Security
Nodejs SecurityNodejs Security
Nodejs Security
Jason Ross
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015
Adam Baldwin
 
Node.JS security
Node.JS securityNode.JS security
Node.JS security
Deepu S Nath
 
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threatBasic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Vladyslav Radetsky
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Vladyslav Radetsky
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
 
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?
Franziska Buehler
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 
WAF In DevOps DevOpsFusion2019
WAF In DevOps DevOpsFusion2019WAF In DevOps DevOpsFusion2019
WAF In DevOps DevOpsFusion2019
Franziska Buehler
 
Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
OWASP Kyiv
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
Mehmet Ince
 
Bypassing cisco’s sourcefire amp endpoint solution – full demo
Bypassing cisco’s sourcefire amp endpoint solution – full demoBypassing cisco’s sourcefire amp endpoint solution – full demo
Bypassing cisco’s sourcefire amp endpoint solution – full demo
Rajivarnan R
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
Indus Khaitan
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav
 
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
SBA Research
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
Creston Jamison
 
Quick Tips for Server Security
Quick Tips for Server SecurityQuick Tips for Server Security
Quick Tips for Server Security
Alister Loxton
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
Riyaz Walikar
 
Dont run with scissors
Dont run with scissorsDont run with scissors
Dont run with scissors
Morgan Roman
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
Otto Kekäläinen
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
opensuse conference 2015: security processes and technologies for Tumbleweed
opensuse conference 2015: security processes and technologies for Tumbleweedopensuse conference 2015: security processes and technologies for Tumbleweed
opensuse conference 2015: security processes and technologies for Tumbleweed
Marcus Meissner
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basics
Anant Shrivastava
 
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım GüvenliğiBünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
CypSec - Siber Güvenlik Konferansı
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Ömer Çıtak
 
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
Cyber Security Alliance
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam Baldwin
Adam Baldwin
 

Más contenido relacionado

La actualidad más candente

Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
OWASP Kyiv
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
Indus Khaitan
 
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
SBA Research
 

La actualidad más candente (20)

WAF In DevOps DevOpsFusion2019
WAF In DevOps DevOpsFusion2019WAF In DevOps DevOpsFusion2019
WAF In DevOps DevOpsFusion2019
 
Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
 
Bypassing cisco’s sourcefire amp endpoint solution – full demo
Bypassing cisco’s sourcefire amp endpoint solution – full demoBypassing cisco’s sourcefire amp endpoint solution – full demo
Bypassing cisco’s sourcefire amp endpoint solution – full demo
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
 
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
Tools &amp; techniques, building a dev secops culture at mozilla sba live a...
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
 
Quick Tips for Server Security
Quick Tips for Server SecurityQuick Tips for Server Security
Quick Tips for Server Security
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
Dont run with scissors
Dont run with scissorsDont run with scissors
Dont run with scissors
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
opensuse conference 2015: security processes and technologies for Tumbleweed
opensuse conference 2015: security processes and technologies for Tumbleweedopensuse conference 2015: security processes and technologies for Tumbleweed
opensuse conference 2015: security processes and technologies for Tumbleweed
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basics
 
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım GüvenliğiBünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
 

Destacado

ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
Cyber Security Alliance
 
302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices
phanleson
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flaws
tobybear30
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
webhostingguy
 
Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site Security
Steven Cahill
 
Romeo and juliet
Romeo and julietRomeo and juliet
Romeo and juliet
Mike Smith
 

Destacado (19)

ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam Baldwin
 
Continuous Security
Continuous SecurityContinuous Security
Continuous Security
 
302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices302 Content Server Security Challenges And Best Practices
302 Content Server Security Challenges And Best Practices
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flaws
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challenges
 
Secure Node Code (workshop, O'Reilly Security)
Secure Node Code (workshop, O'Reilly Security)Secure Node Code (workshop, O'Reilly Security)
Secure Node Code (workshop, O'Reilly Security)
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 
F-Secure E-mail and Server Security
F-Secure E-mail and Server SecurityF-Secure E-mail and Server Security
F-Secure E-mail and Server Security
 
Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site Security
 
The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015
 
Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016
 
Урок - 9, 27 февраля, 2016
Урок - 9, 27 февраля, 2016Урок - 9, 27 февраля, 2016
Урок - 9, 27 февраля, 2016
 
Peep Laja, CEO, ConversionXL - How to Turn Data into Insights & Customers
Peep Laja, CEO, ConversionXL - How to Turn Data into Insights & CustomersPeep Laja, CEO, ConversionXL - How to Turn Data into Insights & Customers
Peep Laja, CEO, ConversionXL - How to Turn Data into Insights & Customers
 
Três porquinhos
Três porquinhosTrês porquinhos
Três porquinhos
 
Leidy carvajal actividad 1.2 mapa c
Leidy carvajal actividad 1.2 mapa cLeidy carvajal actividad 1.2 mapa c
Leidy carvajal actividad 1.2 mapa c
 
Romeo and juliet
Romeo and julietRomeo and juliet
Romeo and juliet
 
Tuomas_Jokimaki
Tuomas_JokimakiTuomas_Jokimaki
Tuomas_Jokimaki
 
Sexy HTML with Twitter Bootstrap
Sexy HTML with Twitter BootstrapSexy HTML with Twitter Bootstrap
Sexy HTML with Twitter Bootstrap
 

Similar a Node Day - Node.js Security in the Enterprise

Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t h
WilheminaRossi174
 
Config Management Camp 2017 - If it moves, give it a pipeline
Config Management Camp 2017 - If it moves, give it a pipelineConfig Management Camp 2017 - If it moves, give it a pipeline
Config Management Camp 2017 - If it moves, give it a pipeline
Mark Rendell
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security Practitioner
Adrian Sanabria
 
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutionsCloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
Yevgeniy Brikman
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
ForAllSecure
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
phanleson
 
Total Defense Product Information
Total Defense Product InformationTotal Defense Product Information
Total Defense Product Information
Zeeshan Humayun
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
DevSecCon
 

Similar a Node Day - Node.js Security in the Enterprise (20)

JSConfBR - Securing Node.js App, by the community and for the community
JSConfBR - Securing Node.js App, by the community and for the community JSConfBR - Securing Node.js App, by the community and for the community
JSConfBR - Securing Node.js App, by the community and for the community
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
 
How to secure web applications
How to secure web applicationsHow to secure web applications
How to secure web applications
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t h
 
Config Management Camp 2017 - If it moves, give it a pipeline
Config Management Camp 2017 - If it moves, give it a pipelineConfig Management Camp 2017 - If it moves, give it a pipeline
Config Management Camp 2017 - If it moves, give it a pipeline
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security Practitioner
 
Academy PRO: Node.js in production. lecture 4
Academy PRO: Node.js in production. lecture 4Academy PRO: Node.js in production. lecture 4
Academy PRO: Node.js in production. lecture 4
 
Shifting security to the left with kubernetes, azure, and istio
Shifting security to the left with kubernetes, azure, and istioShifting security to the left with kubernetes, azure, and istio
Shifting security to the left with kubernetes, azure, and istio
 
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutionsCloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
 
Common mistake in nodejs
Common mistake in nodejsCommon mistake in nodejs
Common mistake in nodejs
 
Agility Requires Safety
Agility Requires SafetyAgility Requires Safety
Agility Requires Safety
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.
 
Total Defense Product Information
Total Defense Product InformationTotal Defense Product Information
Total Defense Product Information
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
 

Más de Adam Baldwin

Node Security Project - LXJS 2013
Node Security Project - LXJS 2013Node Security Project - LXJS 2013
Node Security Project - LXJS 2013
Adam Baldwin
 
JSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs BreakersJSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs Breakers
Adam Baldwin
 

Más de Adam Baldwin (9)

Attacking open source using abandoned resources
Attacking open source using abandoned resourcesAttacking open source using abandoned resources
Attacking open source using abandoned resources
 
JavaScript Supply Chain Security
JavaScript Supply Chain SecurityJavaScript Supply Chain Security
JavaScript Supply Chain Security
 
Building a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into ItBuilding a Threat Model & How npm Fits Into It
Building a Threat Model & How npm Fits Into It
 
Hunting for malicious modules in npm - NodeSummit
Hunting for malicious modules in npm - NodeSummitHunting for malicious modules in npm - NodeSummit
Hunting for malicious modules in npm - NodeSummit
 
Node Security Project - LXJS 2013
Node Security Project - LXJS 2013Node Security Project - LXJS 2013
Node Security Project - LXJS 2013
 
JSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs BreakersJSConf 2013 Builders vs Breakers
JSConf 2013 Builders vs Breakers
 
EV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of LuaEV1LSHA - Misadventures in the land of Lua
EV1LSHA - Misadventures in the land of Lua
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy steps
 
Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010Pony Pwning Djangocon 2010
Pony Pwning Djangocon 2010
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Node Day - Node.js Security in the Enterprise