I’m currently in the process of putting the finishing touches on my talk. I’m planning on speaking about NoSQL Injection in modern web applications, with a heavy focus on MongoDB. I’m planning on doing most of the talk as a hands-on demonstration where we’ll attack a Meteor eCommerce application.
If you don’t have tickets yet, go buy them now!
The threat of SQL injection in modern web applications has been left by the wayside with the rise of NoSQL databases. Unfortunately, a new but fundamentally similar threat has taken its place: NoSQL injection. Let’s take an in-depth look at this type of attack and the steps we can take to protect ourselves from it. The king is dead, long live the king!
Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.