BSides Austin has ended
Back To Schedule
Thursday, March 31 • 2:30pm - 3:30pm
The Node.js Highway: Attacks Are At Full Throttle

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Node.js is the drive-and-go language and its popularity is soaring. Five years after its debut, and the language’s framework boasts more 2M downloads a month.
Before accelerating too quickly, it is important to understand the power – and corresponding mishaps – of this language.

In this talk, we demonstrate new attack techniques against applications built on top of the Node.js language.

Attacks include:
• Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
• Password exposure attacks. Leveraging the “Forgot My Password” feature of applications in order to reveal the passwords of all the application’s users
• Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature


Joshua S. Clark

Joshua S. Clark, CISSP, Solutions Architect at CheckmarxJoshua has over 10 years of experience in information security and application development in multiple industries such as high-tech, banking, healthcare, insurance, telecom, utilities, and government. Prior to joining Checkmarx... Read More →

Thursday March 31, 2016 2:30pm - 3:30pm CDT
High Tech Hall