One week ago I asked the community how they develop bots and which frameworks they use for coding them. The next thing that came to my mind was security. What are common layer 7 vulnerabilities? How secure are bots?

I made a Google Sheet with all the libraries and started my security research. First I noticed that many people use Node.js, so I did some research on common Node.js security vulnerabilities. The first thing I discovered was that V8 is vulnerable to classic hash collision attacks, but it seems that Node fixed that a long time ago. There is also another attack concerning parsing JSON and one for SSL handshakes using OpenSSL. All of them are fixed, but if you use an old version of Node.js, all of them could be used against you. Needless to say, this would work for all web apps out there using outdated software.

If you enter something into the chat, Facebook makes an HTTP request to your web app. This HTTP POST request has your message as POST data. Here’s a short example to give you a feeling for what we are talking about: