From the course: Node.js: Security

Overview of server-side injection

- [Instructor] Server-side injection is the activity of injecting untrusted data into the server as part of a command or a query. With this injected code, the attacker can trick the server to do all sorts of no good. The attacker typically will use eval, setTimeout, setInterval, and Function methods to process malicious code. For example, an attacker could inject a while (1) conditional into an eval function, therefore rendering the server useless by using 100% of its resources. Leveraging eval's weaknesses, the attacker could also insert commands to read the content of a response call to a known server and therefore be able to pull user data. To minimize server-side injections, you wanna do the following: Always validate and sanitize user input, as we've mentioned many times in this course. Never use eval, setTimeout, setInterval, and Function to parse user input. Use JSON.parse when you need to parse user input. Or for type conversion, use the safer parse methods, like parse…
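
The mitigation described in the transcript above, shown as an added example that is not part of the course material: the same request body is handled once with eval and once with JSON.parse plus validation. The function names, the `qty` field, its 1-100 range and the input string are assumptions constructed for illustration.

```javascript
// Added example: hypothetical handler helpers, constructed input.
// Benign stand-in for attacker input: valid JavaScript, not valid JSON.
// It only sets a marker so the test can observe that code was executed.
const CONSTRUCTED_INPUT = '(globalThis.__injected = true, {"qty": 5})';

// Vulnerable "before": eval treats the request body as code.
function parseBodyUnsafe(body) {
  return eval('(' + body + ')');
}

// Type conversion without eval: strict pattern check, then Number.parseInt.
function toQuantity(raw) {
  if (typeof raw !== 'string' && typeof raw !== 'number') return null;
  const text = String(raw);
  if (!/^\d{1,3}$/.test(text)) return null;
  const n = Number.parseInt(text, 10);
  return n >= 1 && n <= 100 ? n : null;
}

// Hardened "after": JSON.parse accepts data only; then validate shape and type.
function parseBodySafe(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch {
    return { ok: false, error: 'body is not valid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  const qty = toQuantity(data.qty);
  if (qty === null) return { ok: false, error: 'qty must be an integer 1-100' };
  return { ok: true, value: { qty } };
}

// Runs both parsers on the same input and reports whether the marker was set.
function demo() {
  delete globalThis.__injected;
  const unsafeResult = parseBodyUnsafe(CONSTRUCTED_INPUT);
  const codeRanUnderEval = globalThis.__injected === true;
  delete globalThis.__injected;
  const safeResult = parseBodySafe(CONSTRUCTED_INPUT);
  const codeRanUnderJson = globalThis.__injected === true;
  return { unsafeResult, codeRanUnderEval, safeResult, codeRanUnderJson };
}

console.log(demo());
console.log(parseBodySafe('{"qty": "7"}'));
```
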