New ways to alert: Prototype Pollution

40 min
Web Village

In this talk, we’ll look at a new threat in web application security: JavaScript prototype pollution. First, we’ll take a deep dive into the workings of JavaScript objects and classes. On this basis, we’ll explore what JavaScript prototype pollution is and how it can be found on the client side. After this, we’ll look at ways to exploit prototype pollution once you’ve found it. We’ll share our bug bounty experience and cool stories about bypassing fixes and finding edge cases.

Nikita Stupin

Security researcher 

Sergey “BlackFan” Bobrov