Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Articles tagged for: security
Security skills for JavaScript developers
JavaScript developers need security skills to safeguard user data, prevent application breaches, and maintain user trust. Learn about essential security skills for writing secure code and fixing vulnerabilities in JavaScript applications.
The security vulnerability of serving images via a route as opposed to static middleware in Node.js
The most upvoted Reddit answer to a question about serving images via a route in Express.js is a security vulnerability waiting to happen.
JS Security Concepts for JavaScript Developers
Enhance your development workflow with JavaScript security best practices. Learn about Content Security Policy (CSP) in Nuxt.js, avoiding `eval` and `new Function` with untrusted input, secure DOM manipulation, cookie security, and third-party integration.
To IDOR or Not to IDOR: Insecure Direct Object Reference in JavaScript Applications Explained
Can you spot an Insecure Direct Object Reference (IDOR) vulnerability in your JavaScript application? Learn what IDOR is, how it can be exploited, and how to prevent it in your code.
npm vulnerabilities: reviewing the security of your dependencies
Learn about recent npm vulnerabilities in popular npm packages and how to protect your applications from security reports disclosed in 2024.