These days of cyber warfare and targeted supply chain attacks on open source packages we developers are more attentive to security vulnerabilities. Yet writing secure code to avoid security vulnerabilities is an entirely different paradigm that needs to be mastered. One such vulnerability is Path Traversal, and while it may sound harmless, it is in fact ubiquitous and presents a significant risk. My session will teach you how path traversal vulnerabilities manifest in everything from code in your own applications to code in dependencies to core modules in the Node.js runtime. Additionally, path traversal vulnerabilities may endanger your local development setup and lead to insecure Node.js applications risking your production environment. Join me to gain a new secure coding skill and learn how to mitigate this set of security vulnerabilities.
Known for his open source and JavaScript security initiatives, Liran Tal is an award-winning software developer, security researcher, and open source champion in the JavaScript community. He's an internationally recognized GitHub Star, acknowledged for his open source advocacy, and has received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. His contributions to developer security education include leading OWASP projects, building supply chain security tools, participation in CNCF and OpenSSF initiatives, and authoring books such as O'Reilly's Serverless Security. He leads the developer advocacy team at Snyk.io and is on a mission to empower developers with better application security skills.