Player FMアプリでオフラインにしPlayer FMう!
Web dev security school
Manage episode 377644191 series 1391411
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
- Ron Perris – Twitter, GitHub
- Amal Hussein – Twitter, GitHub
- Christopher Hiller – Mastodon, Twitter, GitHub, Website
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
章
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
331 つのエピソード
Manage episode 377644191 series 1391411
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
- Ron Perris – Twitter, GitHub
- Amal Hussein – Twitter, GitHub
- Christopher Hiller – Mastodon, Twitter, GitHub, Website
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
章
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
331 つのエピソード
すべてのエピソード
×プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。