A podcast about web design and development.
…
continue reading
Changelog Media에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Changelog Media 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
JS Party: JavaScript, CSS, Web Development와 비슷한 콘텐츠
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k
907
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Web dev security school
Manage episode 377644191 series 1391411
Changelog Media에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Changelog Media 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
챕터
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 에피소드
공유
Manage episode 377644191 series 1391411
Changelog Media에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Changelog Media 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
챕터
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
JS Party: JavaScript, CSS, Web Development와 비슷한 콘텐츠
A podcast about web design and development.
…
continue reading
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k907
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
