BroConf

Prerequisites & Requirements

• JavaScript fundamentals: Understanding dynamic typing, prototype chain, and type coercion mechanisms
• Web application security: Knowledge of Node.js/Express.js, JWT authentication, and role-based access control
• Code analysis skills: Ability to read JavaScript source code and identify security vulnerabilities
• HTTP/API testing: Experience with curl, REST APIs, and web application testing techniques

What will you learn?

• JavaScript Type Confusion Vulnerabilities: How dynamic typing bypasses security validation when arrays are used instead of strings
• Prototype Pollution Attack Techniques: Understanding how to exploit JavaScript's prototype chain by polluting Object.prototype
• Secure Code Implementation: Learning proper type validation and normalization to prevent prototype pollution attacks
• Vulnerability Analysis and Fixing: Developing skills to identify security flaws and implement effective remediation
• Code review skills: Advanced techniques for identifying subtle security vulnerabilities in complex JavaScript applications

Tools

• curl: Command-line tool for sending HTTP requests and testing API endpoints
• grep: For extracting tokens and parsing HTTP responses during exploitation
• Code Editor: For analyzing source code and implementing security fixes (VS Code, vim, etc.)
• Web Browser: For understanding application structure and testing endpoints through the UI