
Alon Ohana
Open Source Engineer
Tel Aviv, Israel
Software Engineer since 2022. Between 2022 and 2024 I was a Fullstack Developer with Flutter in the frontend and NodeJS + Go in the backend, and since 2024 I'm a Software Engineer at Seal Security, where I'm crafting security patches for EOL OSS libraries in various ecosystems, one of which is NPM.
Open Source Libraries Vulnerabilities in the NPM Ecosystem
The NPM ecosystem is one of the largest package ecosystems in the industry, if not the largest. Over the years the NodeJS community and the NPM ecosystem have matured and become more secure, yet the same classes of vulnerability keep recurring. Two of them follow directly from properties of JavaScript itself: regular expression denial of service (ReDoS), a product of the backtracking regex engine, and prototype pollution, a product of the prototype-based object model.
Languages like C/C++ have many vulnerabilities inherent to their design (such as overflows and out-of-bounds memory access), but exploiting them requires much deeper technical knowledge than exploiting the vulnerabilities inherent in JavaScript. Or, as I like to say, "Binary exploitations are easy to find and hard to exploit, while web exploitations are hard to find and easy to exploit."
In this lecture I will show how frequent these vulnerabilities are, where they come from, and how to mitigate them, and offer broader insight into web vulnerabilities.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.