Identify Code Injection Bugs in Your Code
First, you need to learn how to recognize a potential code injection vulnerability. In this section, weâll discuss how injection vulnerabilities are introduced into code so that youâll know what you shouldnât do.
Code injections target applications where the functionality is created and interpreted during runtime based on user input. This makes finding possible attack points straightforward. In Node.js there are two interpreter functions to look out for: eval and Function. With these a developer can create a function out of string input and execute it at will.
The easiest way to avoid code injection attacks is to simply not create and evaluate code using user-submitted data. But using dynamically ...
Get Secure Your Node.js Web Application now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
