Hi there curious hacker 👋
My name is Liran and I’ll be your personal guide throughout this Bun Security Essentials course.
I enjoy teaching and sharing my knowledge with my peers and friends. In the next section I’ll give you a third-person brief on who I am and my background as it relates to server-side JavaScript experience.
Liran Tal is an accomplished software developer, respected security researcher, and prominent advocate for open-source software in the JavaScript community. He has earned recognition as a GitHub Star, in part for his tireless efforts to educate developers and for his contributions to developing essential security tools and resources that help JavaScript and Node.js developers build secure applications.
His leadership in open-source security extends to meaningful contributions to OWASP projects, recording supply chain security incidents at the CNCF, and various OpenSSF initiatives. His contributions to the Node.js community have been widely recognized, including being honored with the OpenJS Foundation’s Pathfinder for Security award for his significant contributions to advance the state of Node.js security. In his role as a security analyst in the Node.js Foundation’s Security Working Group, Liran reviewed hundreds of vulnerability reports for npm packages and created processes for responsible security disclosures and vulnerability triage.
Liran is also an accomplished security researcher and has disclosed security vulnerabilities in various open-source software projects, including being credited with CVEs impacting npm packages. His work on supply chain security research, including Lockfile Injection, was presented at the Black Hat Europe 2021 cybersecurity conference.
As an experienced author and educator, Liran has written several widely respected books on software security. These include “Serverless Security” by O’Reilly, as well as the self-published titles “Essential Node.js Security” and “Web Security: Learning HTTP Security Headers”. He is passionate about sharing his knowledge and occasionally speaks on software security topics at academic institutions, such as presenting to students at the Electrical and Computer Engineering School at Purdue University.
Liran Tal also authored books dedicated to advanced Node.js security topics as follows:
Path Traversal
Node.js Secure Coding: Prevention and Exploitation of Path Traversal Vulnerabilities
Command Injection
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
Code Injection
Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities