Adam Baldwin
Enumerating files using Server Side Request Forgery and the request module
If you ever find Server Side Request Forgery (SSRF) in a node.js based application and the app is using the request module you can use a…
Dec 15, 2017
Adam Baldwin in Node Security
npm Registry Spelunking: Dependencies Referenced by URL
I’ve learned a long time ago that not all security research pans out with a stack of vulnerabilities but every time I venture down a rabbit…
Nov 9, 2017
Adam Baldwin in Node Security
Announcing nsp 3.0.0
The Node Security team is excited to announce version 3.0.0 of the nsp CLI tool.
Oct 4, 2017
Adam Baldwin in Node Security
Pull Requests Welcome: We need your help to fix some ReDoS vulnerabilities
Recently there were a large number of regular expression denial of service (ReDoS) vulnerabilities released to the public via GitHub…
Sep 21, 2017
Adam Baldwin in ^Lift Security
Bypassing npm / yarn ignore-scripts with Command Injection in package.json
Before you read this post please run git --version and if it’s not 2.14.1 or greater then please go upgrade it.
Aug 11, 2017
Adam Baldwin
My story about mentorship and my career
The Practical Developer #DevDiscuss tonight got me thinking about mentorship and how it’s impacted my life. It doesn’t fit in a tweet or a…
Jun 21, 2017
Adam Baldwin in ^Lift Security
Announcing Security for Founders: Node.js Edition — a one-day intensive class
As a startup, where might your organization get the biggest bang for your buck when it comes to security?
May 22, 2017
Adam Baldwin in Node Security
4 years of Node Security
Today marks the 4th birthday of the Node Security Project. During that time we accomplished a lot, failed more than a few times, and…
Apr 18, 2017
Adam Baldwin in ^Lift Security
In Memory Backdoor for Node.js Express Apps
Earlier this week Zach Grace published an article on one way that you could backdoor a Node.js Express application without touching disk…
Mar 3, 2017
Adam Baldwin in ^Lift Security
Compromising Node.js apps using Man-in-the-Middle
Just before the New Years I published 140+ advisories on Node.js modules. I’ve been researching ways to compromise developers & node.js…
Jan 14, 2017