Web dev security school
JS Party: JavaScript, CSS, Web Development
English - September 21, 2023 20:30 - 1 hour - 79.9 MB - ★★★★★ - 32 ratingsTechnology Education How To jsparty javascript html web programming frontend backend node changelog css Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Ron Perris – Twitter, GitHubAmal Hussein – Twitter, GitHubChristopher Hiller – Mastodon, Twitter, GitHub, Website
Show Notes:
10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
ZAP - the worlds most widely used web app scanner
Loco Moco Security Conference in Hawai’i
Node.js Ecosystem Security Working Group
Node.js Security Bug Reporting
Node.js Hacker One Page
Node.js Third Party Labs Hacker One Page (now disabled)
Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
ESLint Security Plugin
Content Security Policy
Something missing or broken? PRs welcome!