Wednesday 18 July 2018

How would you attack a node.js application?

As part of a blog post that I'm writing on Node security, I'm trying to think how an attacker, knowing that the application is created with Node, would try to exploit the system ("If you can’t think like an attacker, you can’t think like a defender...").

I'm focused only on the Node characteristics that might help the attacker, not generic web application weaknesses like trying DDoS, trying to inject SQL, etc.

For example, one idea: many Node developers let the process exit on error, so I'll try to provide many faulty JSON inputs in the hope that one will trigger a process exit. Once I find the right input, I can very easily generate a DoS condition.

Other ideas?

P.S. I'm not an attacker; if you want to see a draft of the blog post, just ask.

Submitted July 18, 2018 at 12:17PM by yonatannn
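
The failure mode the post describes (a malformed JSON body ending the process) next to a handler that survives it, as an added example that is not part of the original post. The function names, the 1024-byte limit and the stand-in request object are assumptions made for the illustration.

```javascript
// Added example, not from the original post; names and the limit are assumptions.
const MAX_BODY_BYTES = 1024;

// Weak form: JSON.parse throws inside the 'end' listener. On a real request stream
// nothing catches it, so it becomes an uncaughtException and, by default, the process exits.
function readJsonUnsafe(req, done) {
  let raw = '';
  req.on('data', (chunk) => { raw += chunk; });
  req.on('end', () => done(200, JSON.parse(raw)));
}

// Hardened form: bounded body, parse failures answered with 400 instead of a throw.
function readJsonSafe(req, done) {
  let raw = '';
  let rejected = false;
  req.on('data', (chunk) => {
    if (rejected) return;
    raw += chunk;
    if (Buffer.byteLength(raw) > MAX_BODY_BYTES) { rejected = true; done(413, null); }
  });
  req.on('end', () => {
    if (rejected) return;
    let body;
    try { body = JSON.parse(raw); } catch (err) { return done(400, null); }
    if (body === null || typeof body !== 'object') return done(400, null);
    return done(200, body);
  });
}

// Minimal stand-in for a request stream (constructed) so the example runs offline.
function fakeRequest() {
  const handlers = {};
  const on = (evt, fn) => { handlers[evt] = fn; };
  const emit = (evt, arg) => { if (handlers[evt]) handlers[evt](arg); };
  return { on, emit };
}

// Feeds constructed chunks to a reader and reports what happened.
function simulate(reader, chunks) {
  const req = fakeRequest();
  let result = null;
  reader(req, (status, body) => { result = { status, body }; });
  try {
    chunks.forEach((c) => req.emit('data', c));
    req.emit('end');
  } catch (err) {
    return { crashed: true, error: err.name };
  }
  return { crashed: false, ...result };
}
```

`simulate` catches the throw only so the comparison can run in one process; in a server, the same throw from `readJsonUnsafe` is what takes the worker down.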
