Software Integrity Blog

Author Archive

David Bohannon


David Bohannon is a senior security consultant at Synopsys. His work is heavily focused on web applications, frameworks, and middleware technologies. In addition to client-facing engagements, David also conducts internal software development and vulnerability research for Synopsys. He holds a Bachelor of Science in Computer Science from the University of Georgia.


Posts by David Bohannon:


Node.js: Preventing common vulnerabilities in the MEAN stack

Before jumping into the final post in our discussion of vulnerabilities in the MEAN stack, look back at the other four posts in this series, on MongoDB, Express.js (Core), Express.js (Sessions and CSRF), and AngularJS.

Development mode (Node.js/Express.js)

By default, Express applications run in development mode unless the NODE_ENV environment variable is set to another value (Express reads NODE_ENV at startup and falls back to "development" when it is unset). In development mode, Express returns more verbose errors, including stack traces, which can result in information leakage. For example, the error message shown in the full post returns the full path to the requested file, which also gives an attacker information about the host system's filesystem layout.
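The NODE_ENV behaviour described above, as an added example written for this archive page (it is not code from the original post or from Express itself). It mirrors the shape of an Express error-handling middleware, `(err, req, res, next)`, but does not require the express package: the response object is a minimal constructed stub, and the file path in the sample error is invented, so the block runs under plain Node.js and shows what leaks when NODE_ENV is unset versus set to "production".

```javascript
// Added example: gating verbose error output on NODE_ENV.
// Not part of the original post; the `res` stub and the sample error are constructed here.

// Express itself falls back to "development" when NODE_ENV is unset, so an
// absent variable is the leaky case, not the safe one.
function isProduction(env = process.env) {
  return env.NODE_ENV === 'production';
}

// Error-handling middleware with Express's four-argument signature.
// In production it returns a generic message; otherwise it returns the verbose
// error, whose message and stack typically contain absolute filesystem paths.
function errorHandler(env = process.env) {
  return function (err, req, res, next) {
    const status = err.status || 500;
    if (isProduction(env)) {
      res.status(status).json({ error: 'Internal Server Error' });
    } else {
      res.status(status).json({ error: err.message, stack: err.stack });
    }
  };
}

// Minimal stand-in for an Express response object (constructed for this example).
function makeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Simulate a request that fails with a filesystem error under a given NODE_ENV.
// Passing `undefined` models the variable being unset (Express's default).
function simulate(nodeEnv) {
  const env = nodeEnv === undefined ? {} : { NODE_ENV: nodeEnv };
  const res = makeRes();
  // Hypothetical path; the shape matches what Node's fs errors look like.
  const err = new Error("ENOENT: no such file or directory, open '/srv/app/public/secret.html'");
  err.status = 404;
  errorHandler(env)(err, {}, res, () => {});
  return res;
}

// Deployment check: does the current process leak verbose errors?
function leaksVerboseErrors(env = process.env) {
  return !isProduction(env);
}

console.log('NODE_ENV unset  ->', JSON.stringify(simulate(undefined).body));
console.log('NODE_ENV=production ->', JSON.stringify(simulate('production').body));
```

The unset case echoes the absolute path and a stack trace back to the client; the production case returns only the status and a fixed string. Setting NODE_ENV=production at the process or container level, and running the `leaksVerboseErrors` check in a startup assertion, keeps the verbose handler from reaching a deployed host.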


Posted in Open Source Security, Software Architecture & Design, Web Application Security


AngularJS: Preventing common vulnerabilities in the MEAN stack

Learn how to prevent common AngularJS vulnerabilities related to expression injection, information leakage through local storage, and misuse of Angular's own Strict Contextual Escaping (SCE) service.


Posted in Software Architecture & Design, Web Application Security


ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 2)

With MEAN stack apps, you can store session state client-side in a JSON Web Token or a custom cookie object. But once that state lives on the client, how do you invalidate a user's session?


Posted in Web Application Security


ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

With the Express framework, developers can easily add multiple middleware plugins globally to all routes. But middleware must be applied in the right order.


Posted in Open Source Security, Web Application Security


MongoDB: Preventing common vulnerabilities in the MEAN stack

MEAN stack applications (MongoDB, Express.js, AngularJS, and Node.js) are becoming increasingly popular as lightweight, easily deployable frameworks, thanks to a vast ecosystem of middleware plugins and dependencies. But just how secure are these technologies?


Posted in Open Source Security, Web Application Security


How to mitigate the Java deserialization vulnerability in JBoss application servers

Some versions of JBoss contain CVE-2015-7501, a Java deserialization vulnerability that can allow remote code execution. Here’s how to mitigate it.


Posted in Software Architecture & Design