Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
Web Rush
English - December 15, 2022 11:00 - 46 minutes - 32 MB
Recording date: 12/1/2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross
Brought to you by

Resources:
Feross Aboukhadijeh’s website
Feross Aboukhadijeh’s GitHub
Log4j
The Federal Trade Commission’s (FTC) note on Log4j
Socket – Secure your JavaScript supply chain
What’s really going on in your node_modules folder?
Vulnerability scanning isn’t enough to protect your app
Auditing npm packages for security vulnerabilities
GitHub Dependabot
List of package security issues that Socket detects
List of npm packages that have been removed from npm for security reasons
Feross’s Web Security class at Stanford University
Darknet Diaries
DEFCON conference
Have I Been Pwned?
Troy Hunt
1% of CMS-Powered Sites Expose Their Database Passwords

Timejumps
00:44 World Cup welcome
02:08 Security in applications
03:20 Guest introduction
04:41 Why should you worry about your software supply chain?
07:41 Sponsor: Ag Grid
08:50 What's the attack vector like and what's the threat?
15:54 Depending on dependencies to find security issues
22:16 Sponsor: IdeaBlade
23:13 Make it easy to do the right thing
29:16 What was Log4j?
33:45 How does Socket work?
34:36 Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions.