Feross takes us to security school (JS Party #132)

Did you know Feross taught Web Security at Stanford last Fall? On this episode, Divya and Nick enroll in his security school to learn about XSS, CSP, ambient authority, and a whole lot more.

Did you know Feross taught Web Security at Stanford last Fall? On this episode, Divya and Nick enroll in his security school to learn about XSS, CSP, ambient authority, and a whole lot more.

Leave us a comment

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors:

Rollbar – We move fast and fix things because of Rollbar. Resolve errors in minutes. Deploy with confidence. Learn more at rollbar.com/changelog.
DigitalOcean – DigitalOcean’s developer cloud makes it simple to launch in the cloud and scale up as you grow. They have an intuitive control panel, predictable pricing, team accounts, worldwide availability with a 99.99% uptime SLA, and 24/7/365 world-class support to back that up. Get your $100 credit at do.co/changelog.
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com.

Featuring:

Feross Aboukhadijeh – Twitter, GitHub, WebsiteNick Nisi – Twitter, GitHub, WebsiteDivya – Twitter, GitHub, LinkedIn, Website

Show Notes:

JS Danger: OpenJS World Edition on YouTube
CS 253 Web Security - YouTube Playlist
CS 253 Course Website
CSP
Darknet Diaries on Samy
Krebs on Security
Clickjacking
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
Reining in the Web with Content Security Policy
Cross-Site Request Forgery Prevention Cheat Sheet
Same-origin policy
Cross-Site Request Forgery is dead!
Incrementally Better Cookies
SameSite cookies explained

Something missing or broken? PRs welcome!