Vladimir de Turckheim
Vladimir works as a software engineer at Datadog, where he builds a tool to secure web applications. He used to be a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group, where he handles the security of Node.js and its ecosystem. Vladimir is an official Node.js collaborator, and his contributions mostly focus on security and monitoring. He also often gives talks and training to software engineers to teach them about application security.
Prototype Pollution in JavaScript
Node Congress 2023
27 min
In 2018, a new attack vector against JavaScript codebases was published: Prototype Pollution.
At first glance, it seemed pretty limited in impact: it would basically be a good way to crash some code. However, multiple cases of Remote Code Execution have happened based on this vector.
In this talk, we will clarify what prototype pollutions are, their real impact, and how to prevent them from happening in your codebase.
Can You Change the Behavior of a Running Node.js Process From the Outside?
Node Congress 2021
30 min
In this talk, we will have fun trying to tamper with a running Node.js process to change its behavior at runtime. Without changing the code or restarting the process, we will find a way to inject our own logic into it and start to do the things we want. What are the limitations of such an approach? Is there any part of it that can be used in real-life scenarios? Come and find out! Yes, there will be a live demo.