Understanding Prototype Pollution w/ Isaac Burton
Author: Black Hills Information Security
Uploaded: 2024-03-21
Views: 994
/// 🔗 Register for future webcasts, summits, and workshops here - https://blackhillsinfosec.zoom.us/ze/...
🛝 Slides for this webcast –
https://www.blackhillsinfosec.com/wp-...
Join us for a beginner-friendly talk on prototype pollution, where we'll explore its impact on web security.
Prototype pollution is a vulnerability that affects applications written in JavaScript, and is especially dangerous for JSON-based APIs.
Imagine you're building a house and someone sneaks in and alters the blueprint, causing unexpected flaws in the structure.
Similarly, in the digital world, prototype pollution occurs when attackers can manipulate data structures of web applications, leading to all kinds of vulnerabilities.
Join us for this free one-hour Black Hills Information Security (BHIS) webcast with Isaac Burton, where he'll give practical examples and explain how understanding prototype pollution can help developers safeguard their websites against such attacks, and the emerging research that brings new potential for exploitation.
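As an added illustration (not code from the webcast or from BHIS), here is the recursive merge pattern the talk's "Deserialization" and "Recursion is awesome" chapters refer to, beside a hardened version; `unsafeMerge`, `safeMerge`, `runScenario` and the request body are constructed for this example.

```javascript
// Added example (not from the BHIS webcast): a naive recursive merge of a parsed
// JSON body into defaults, beside a hardened version, and a check on Object.prototype.
// Vulnerable: for...in visits the own "__proto__" key that JSON.parse creates, and
// target["__proto__"] resolves to Object.prototype, so the nested object lands there.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse keys that reach the prototype chain, walk own keys only, and
// never recurse into a property the target merely inherits.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (typeof value === "object" && value !== null && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed request body of the shape a JSON API might receive.
const POLLUTING_BODY = '{"name":"guest","__proto__":{"isAdmin":true}}';

// Merge the body with the given function, report whether an unrelated object created
// afterwards now inherits isAdmin, then undo any pollution so the next run starts clean.
function runScenario(merge) {
  const user = merge({ name: "", roles: [] }, JSON.parse(POLLUTING_BODY));
  const unrelated = {};
  const result = { mergedName: user.name, unrelatedIsAdmin: unrelated.isAdmin === true,
    prototypePolluted: Object.prototype.hasOwnProperty.call(Object.prototype, "isAdmin") };
  delete Object.prototype.isAdmin;
  return result;
}
console.log("unsafeMerge:", runScenario(unsafeMerge));
console.log("safeMerge:", runScenario(safeMerge));
```

The `prototypePolluted` check in `runScenario` is also a cheap runtime canary: a test suite that asserts `Object.prototype` has no unexpected own keys after handling a request catches this class of bug before it ships.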
Chat with your fellow attendees in the Black Hills Infosec Discord server here: / discord -- in the #🔴webcast-live-chat channel.
/// Chapters
Understanding Prototype Pollution w/ Isaac Burton
0:00 Introduction
0:37 Why are we excited about prototype pollution?
2:43 Testing Web Apps
4:21 APIs and modern apps
5:30 What is a prototype?
6:22 The global prototype
6:56 Prototype pollution
7:52 Deserialization
9:46 Recursion is awesome…
10:18 What if an attacker sends this?
10:42 The global prototype
10:51 What is a prototype?
11:36 Why this is dangerous
12:03 Function can be overwritten too
13:01 JavaScript is weird
13:43 Affected systems
14:23 APIs and Modern Apps (Continued)
15:50 In the browser
19:36 Side note on XSS
20:56 On the server
21:48 Challenges
22:06 Detecting prototype pollution in the browser
22:25 Examples
29:47 Recursion is awesome
30:20 Q&A