Explore server-side prototype pollution in this 41-minute conference talk from Global AppSec Dublin. Delve into prototype chains, merge operations, and recursive merge functions. Learn about encoding properties that can take down servers, modifying maximum allowed parameters, and allowing multiple question marks in parameters. Discover techniques for converting parameters into objects, changing JSON response charsets and padding, and altering status codes. Investigate generic prototype pollution detection in Blitz and address asynchronous payload challenges. Gain insights on leaking code, detecting JavaScript engines, and using open-source tools. Conclude with strategies for preventing prototype pollution in web applications.