Node Security Project - LXJS 2013
Wednesday, October 2, 13
Hi, I’m Adam
@adam_baldwin @liftsecurity @nodesecurity @evilpacket

Node Security Project

Why

Things we had control over
• precommit-hook for linting
• pull requests for peer review
• education / values

Things we didn’t have control over
• other people’s code
• the delivery system (npm)

npm install altlhethings
npm install fs
npm install http
npm install socketio
404

```
~/analyzer$ node print.js ./output/output.json
buffer: 604
child_process: 2867
dgram: 836
dns: 674
fs: 15036
http: 12084
https: 2819
os: 1311
readline: 909
string_decoder: 65
timers: 230
tty: 335
vm: 354
```

Conclusions
• Core modules....
• Punctuation is hard
• Improve integrity checking
How
nodesecurity.io/contributors
New Process

child_process.exec

```
[pid 31152] execve("/bin/sh", ["/bin/sh", "-c", "ls"]
```

child_process.execFile

```
[pid 31176] execve("/bin/ls", ["/bin/ls"]
```
Catalyst for Change
Improved Resources
Private issues & Pull Requests
“I wish @github had private issues and pull requests for open source projects to improve responsible disclosure of security issues! Please RT”
j.mp/lxjs-nsp
nodeschool.io
security.md
github.com/nodesecurity
</presentation>
@adam_baldwin @liftsecurity @nodesecurity @evilpacket