Feross takes us to security school (JS Party #132)
Changelog Master Feed
English - June 26, 2020 17:20 - 57 minutes - 52.9 MB
Did you know Feross taught Web Security at Stanford last Fall? On this episode, Divya and Nick enroll in his security school to learn about XSS, CSP, ambient authority, and a whole lot more.
Sponsors:
Rollbar – We move fast and fix things because of Rollbar. Resolve errors in minutes. Deploy with confidence. Learn more at rollbar.com/changelog.
DigitalOcean – DigitalOcean’s developer cloud makes it simple to launch in the cloud and scale up as you grow. They have an intuitive control panel, predictable pricing, team accounts, worldwide availability with a 99.99% uptime SLA, and 24/7/365 world-class support to back that up. Get your $100 credit at do.co/changelog.
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com.
Featuring:
Feross Aboukhadijeh – Twitter, GitHub, Website
Nick Nisi – Twitter, GitHub, Website
Divya – Twitter, GitHub, LinkedIn, Website
Show Notes:
JS Danger: OpenJS World Edition on YouTube
CS 253 Web Security - YouTube Playlist
CS 253 Course Website
CSP
Darknet Diaries on Samy
Krebs on Security
Clickjacking
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
Reining in the Web with Content Security Policy
Cross-Site Request Forgery Prevention Cheat Sheet
Same-origin policy
Cross-Site Request Forgery is dead!
Incrementally Better Cookies
SameSite cookies explained