
An Introduction to SSRF Bypasses and Denylist Failures
Getting hands-on with SSRF bypasses and the pitfalls of denylists.
Prisma is a popular type-safe ORM for Node.js, but like all abstractions it comes at a cost: the Prisma Raw Query function may lead to SQL injection if not handled correctly.
Stop storing secrets in environment variables. It's a bad practice and only fits hobby or side projects with no real business impact. Here are all the reasons why you should never store secrets in environment variables and how to do it better.
Get started with the npm audit command, learn why it's not enough, and see how to advance your project's security posture with more robust security tools like Snyk.
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
JavaScript developers need security skills to safeguard user data, prevent application breaches, and maintain user trust. Learn about essential security skills for writing secure code and fixing vulnerabilities in JavaScript applications.