::: left till the conference

New ways to alert: Prototype Pollution

40 min
Web Village

In this talk, we’ll look at a new threat in web application security — JavaScript prototype pollution. First, we’ll get a deep dive into workings of JavaScript objects and classes. On this basis, we’ll explore what JavaScript prototype pollution is and how it can be found in the client side. After this, we’ll look at ways to exploit prototype pollution once you’ve found it. We’ll share our bug bounty experience, cool stories about bypassing fixes and finding edge cases.

Nikita Stupin

Security researcher 

Sergey “BlackFan” Bobrov
Other Reports
Defensive Track
Attacking the microservice applications: methods and practical tips
Web Village
Hacker adventures on dating websites
Main Stage
Weird proxies/2 and a bit of magic