Vladimir de Turckheim

Customer Engineering Team Lead, Sqreen

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

Content from Vladimir de Turckheim

Writing Secure Code in Node.js

In this learning path, you will learn how to attack and protect Node.js applications.

JavaScript Security

JavaScript, also referred to as ECMAScript, is now everywhere and can't be avoided. In this learning path, we will go through diverse JavaScript-related attacks and learn how to build safer JavaScript applications. Most of this learning path will cover front-end JavaScript; however, we will also consider Node.js in certain parts of the learning paths.

Refresher on Node.js

This course will cover the basics of Node.js architecture.

Protecting Databases

This course will focus on protecting database access.

Node.js Denial of Service

This course will focus on different ways of obtaining denial-of-service in Node.js and how to prevent them.

Authentication and Authorization

A look at authentication and authorization in Node.js.

Prototype Pollution

Exploring prototype pollution in Node.js.

Unsafe Strings

Confronting the challenge of unsafe strings in Node.js.

Error Handling and Asynchronous Debugging Monitoring

A look at the challenges of error handling in an asynchronous environment.

Ecosystem Modules (npm) and Supply Chain

An introduction to the challenges of npm modules.

GraphQL Security

This course explores mitigating the risks of GraphQL.

Secure JavaScript Programming Overview

An exploration of JavaScript and its runtime environments

Authentication – JavaScript Security

This course explores web authentication and best practices.

XSS and JavaScript Remote Code Executions

This course explores cross-site scripting (XSS) in JavaScript.

CSRF and Browser Security

An exploration of cross-site request forgery, or CSRF

Regular Expressions

A look at regular expressions and how to handle them

Prototype Pollution – JavaScript Security

This course explores prototype pollution in JavaScript.

Ecosystem Modules (npm) and Supply Chain – JavaScript Security

A look at npm and npm packages

Serverless JavaScript

Exploring serverless JavaScript

Web Developer Desktop Security

A look at common web developer desktop security issues

Explore more training resources from Vladimir de Turckheim and the Infosec Skills author team

An Introduction to Penetration Testing Node.js Applications

In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues.

Creating an API authenticated with OAuth 2 in Node.js

In this article, we are going to shed light on the OAuth authorization framework and we are going to build a simple API with OAuth authentication/server in Node.js.

Network traffic analysis for IR: Analyzing DDoS attacks

The DDoS attack prevents regular traffic from arriving at its desired destination by flooding it with unwanted traffic, like a traffic jam clogging up the highway. In this article, we will see how to analyze DDoS attacks.