Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/HoLyVieR/prototype-pollution-nsec18

Content released at NorthSec 2018 for my talk on prototype pollution
https://github.com/HoLyVieR/prototype-pollution-nsec18

Last synced: 1 day ago
JSON representation

Content released at NorthSec 2018 for my talk on prototype pollution

Awesome Lists containing this project

README

        

# Prototype pollution attack

## Abstract

Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?

## Paper

[Link to paper](paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)

## Slides

[Link to slides](slides/index.html)