nodejs
Node.js Vulnerability Cheatsheet
25 vulnerabilities to look out for in Node.js applications: directory traversal, prototype pollution, XSSI, and more… Securing applications is not the easiest thing to do. An application has many ...
What’s in your jQuery app? Not the fishy ‘jquery-lh’ we hope!
The popular jQuery project has a mysterious sidekick that has popped up: 'jquery-lh'. While the npm package does install real jQuery code, behind the scenes it does something fishy and unexpected ...
Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)
And if you think you are safe (because you recently procured a well-marketed commercial open-source dependency scanner), that is when you are most in danger ...
Tips for Managing npm Dependencies
Part of the reason why Node.js is so appealing is that it allows for easy application extensibility; you focus on your core competencies, and if you need additional features or functionality, you ...
An Oxymoron : Static Analysis of a Dynamic Language (Part 4)
Taint-flow challenges in a world of untyped and async event handling. From the previous post we concluded that type-checking at compile time can ...
An Oxymoron : Static Analysis of a Dynamic Language (Part 3)
TypeScript to the rescue. From the previous post we concluded that JavaScript contains a number of features that make it a challenge to ...
An Oxymoron : Static Analysis of a Dynamic Language (Part 2)
From client-side JavaScript to server-side Node.js. Now that you have reached here after reading the prior post, let's switch contexts ...
An Oxymoron : Static Analysis of a Dynamic Language (Part 1)
What are the characteristics of a dynamic language (JavaScript)? Benjamin Pierce classifies programming languages along two axes: whether they are safe or unsafe and ...
Sun Tzu as a Service
Do you regularly cite The Art of War by Sun Tzu in your cyber security reports? Have you run out of relevant quotes? Today we are proudly announcing our API. It provides an endless feed ...