Free Workshop: RCE & Prototype Pollution on Node.js applications

Come and join us for Free Workshop: RCE & Prototype Pollution on Node.js applications on April 15 @ 18:00 – 19:00 CET . This Free Workshop is a prelude to the complete course “Hacking Modern Web apps: Master the Future of Attack Vectors“. We’re sure you’ll leave with a thirst for more!

The complete course is a web security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your websec kung-fu to the next level. In this brief workshop we cover RCE & Prototype Pollution. Also, we explain what the course covers and give you a few lab samples with the following topics:

  • RCE options against Node.js applications
  • Introduction to Prototype Pollution
  • Prototype Pollution attacks in practice

All attendants will be provided with training portal access to practice the attack vectors covered. This includes:

  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises.

Finally, the free workshop will be followed by 2 x 4hr live training sessions on  April 20-21 @ 17:00 – 21:00 CET

Live Training: Hacking Modern Web Apps: Master the Future of Attack Vectors

RCE & Prototype Pollution on Node.js applications

Audience level

By and large, from new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Previously senior penetration tester / team lead at Cure53 ( and Version 1 ( Also the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course ( Additionally, OWASP OWTF project leader, an OWASP flagship project (

As a Security trainer, Abraham has conducted trainings at various events such as Blackhat USA, HITB, OWASP Global AppSec. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Also, he writes on Twitter as @7asecurity @7a_ @owtfp or Multiple presentations, pentest reports and recordings can be found at

For the most up-to-date information about upcoming training events, including free workshops, check this.