Saturday, 22 August 2020

NodeJS 12.18.x Security

Hello dear redditors,

I am working on a massive healthcare project as a technical lead and I am looking for articles/courses about known exploits/pen testing that I could look into. I would like to see if I find anything obvious that could be exploitable so we could improve in the early phases of development.

Our stack is AWS Lambdas with NodeJS 12.18.x and an API Gateway in front of them which has a custom Authoriser (which is an AWS Lambda running on node itself).

(I have googled a lot but would be nice to get the options from some fellow developers as well.)

So far I have fixed a few exploits that could be done via object prototype pollution (payload was not being validated on fields not present in the schema) and JWT forgery.

If you do have anything that you think is worth looking into, could you please let me know in the comments section?

Hope you're all having a nice weekend!

Submitted August 22, 2020 at 04:18PM by okeidev
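
The post mentions a payload that was not validated on fields absent from the schema. As an added example (not code from the original post or its author), a strict allow-list check for a Lambda request body could look like this; the schema, field names and sample bodies are hypothetical and constructed for illustration.

```javascript
// Hypothetical request-body schema: field -> expected typeof, or a nested schema.
const PATIENT_SCHEMA = {
  name: "string",
  age: "number",
  contact: { email: "string" },
};

// Keys that can reach Object.prototype if a payload is later merged or copied recursively.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walks the payload against the schema and collects every violation with its path.
// Unknown fields are errors, so nothing outside the schema reaches business logic.
function validateStrict(payload, schema, path = "body", errors = []) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    errors.push(`${path}: expected object`);
    return errors;
  }
  // JSON.parse creates "__proto__" as an own property, so Object.keys reports it.
  for (const key of Object.keys(payload)) {
    if (FORBIDDEN_KEYS.has(key)) errors.push(`${path}.${key}: forbidden key`);
    else if (!Object.prototype.hasOwnProperty.call(schema, key)) errors.push(`${path}.${key}: not in schema`);
  }
  for (const [key, rule] of Object.entries(schema)) {
    const here = `${path}.${key}`;
    if (!Object.prototype.hasOwnProperty.call(payload, key)) errors.push(`${here}: missing`);
    else if (typeof rule === "object") validateStrict(payload[key], rule, here, errors);
    else if (typeof payload[key] !== rule) errors.push(`${here}: expected ${rule}`);
  }
  return errors;
}

// Parses a raw JSON body and returns { ok, errors }; malformed JSON is a validation failure.
function checkBody(rawBody, schema = PATIENT_SCHEMA) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, errors: ["body: invalid JSON"] };
  }
  const errors = validateStrict(parsed, schema);
  return { ok: errors.length === 0, errors };
}

// Constructed sample bodies (not from the original post).
const GOOD_BODY = '{"name":"Ada","age":36,"contact":{"email":"ada@example.test"}}';
const EXTRA_FIELD_BODY = '{"name":"Ada","age":36,"contact":{"email":"a@example.test"},"__proto__":{"isAdmin":true}}';
const NESTED_EXTRA_BODY = '{"name":"Ada","age":36,"contact":{"email":"a@example.test","role":"admin"}}';

console.log(checkBody(GOOD_BODY), checkBody(EXTRA_FIELD_BODY), checkBody(NESTED_EXTRA_BODY));
```

Running the check in the handler before any merge or copy of the body means a rejected request never touches shared objects.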
