The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Erik Onarheim and Kamran Ayub에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Erik Onarheim and Kamran Ayub 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
TypeScript.fm - The Friendly Show for TypeScript Developers와 비슷한 콘텐츠
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Technical interviews about software topics.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Best Business Podcast (Gold), British Podcast Awards 2023 How do you build a fully electric motorcycle with no compromises on performance? How can we truly experience what the virtual world feels like? What does it take to design the first commercially available flying car? And how do you build a lightsaber? These are some of the questions this podcast answers as we share the moments where digital transforms physical, and meet the brilliant minds behind some of the most innovative products a ...
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
Feel brighter every day with our 20-minute pop-biz news podcast. The 3 business stories you need, with fresh takes you can pretend you came up with — Pairs perfectly with your morning oatmeal ritual. Hosted by Jack Crivici-Kramer & Nick Martell. Formerly known as “Snacks Daily”, Nick and Jack continue their podcast independent from Robinhood.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Building Secure TypeScript Applications | Liran Tal | Ep 28B
Manage episode 497534427 series 3642378
Erik Onarheim and Kamran Ayub에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Erik Onarheim and Kamran Ayub 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Liran Tal (lirantal.com) from Snyk joins us to dive deep into writing secure TypeScript applications. What's different compared to vanilla JavaScript security? Will schema validators fix all our woes? Can't we let LLMs find and fix security vulnerabilities? Liran educates us about the pitfalls and risks with misplacing trust in TypeScript and LLMs and what we can do to write more secure code.
Chapters
- (00:00) - Introducing Liran Tal
- (02:56) - What's Special About TypeScript Security vs. JavaScript Security?
- (04:23) - Misplacing Trust in Types
- (05:49) - Practical Examples of TypeScript Security Issues
- (08:43) - Why Does TypeScript Security Matter?
- (10:23) - TypeScript is Not a Security Tool
- (11:14) - How Does HTTP Parameter Pollution Work?
- (12:45) - Ways to Mitigate Parameter Pollution
- (15:44) - Schema Validators Won't Always Save You
- (16:51) - How Prototype Pollution Works
- (18:23) - Exploiting Schema Validators Through Prototype Pollution
- (21:50) - Mitigating Prototype Pollution Risks
- (25:21) - Consequences of Prototype Pollution
- (27:23) - Ways to Safely Merge Objects
- (30:03) - How Can TypeScript Developers Improve Their Security Posture?
- (33:17) - How Do LLMs Impact Secure Coding?
- (39:11) - Misplacing Trust in AI-Generated Code
- (41:10) - Can LLMs Review and Fix Secure Code?
- (45:57) - So We're All Doomed, Right?
- (48:31) - Bonus: Game Development as a Teaching Tool
- (54:48) - Where to Find Liran
Links
- Liran's website and blog
- Talk: Friend or Foe? TypeScript Security Fallacies
- Course: Node.js Security Course
- Book: Essential Node.js Security
- Book: Serverless Security
- Tool: npq (welcoming contributions!)
- https://github.com/lirantal/is-website-vulnerable
- Game: Dependency Frost
- Paper: Are AI-generated fixes secure? (July 2025)
Sponsored by Excalibur.js
Excalibur.js is the friendly TypeScript game engine for making 2D web games. Use your TypeScript or JavaScript skills to make games! Excalibur comes out-of-the-box with everything you need to make web games, like physics, sprites, animations, sound effects, input, and particles. Design your assets with tools like Aseprite and Tiled, then load them natively using first-party plugins.
Music
Seahorse Dreams by Kubbi (Spotify)
57 에피소드
공유
Manage episode 497534427 series 3642378
Erik Onarheim and Kamran Ayub에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Erik Onarheim and Kamran Ayub 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Liran Tal (lirantal.com) from Snyk joins us to dive deep into writing secure TypeScript applications. What's different compared to vanilla JavaScript security? Will schema validators fix all our woes? Can't we let LLMs find and fix security vulnerabilities? Liran educates us about the pitfalls and risks with misplacing trust in TypeScript and LLMs and what we can do to write more secure code.
Chapters
- (00:00) - Introducing Liran Tal
- (02:56) - What's Special About TypeScript Security vs. JavaScript Security?
- (04:23) - Misplacing Trust in Types
- (05:49) - Practical Examples of TypeScript Security Issues
- (08:43) - Why Does TypeScript Security Matter?
- (10:23) - TypeScript is Not a Security Tool
- (11:14) - How Does HTTP Parameter Pollution Work?
- (12:45) - Ways to Mitigate Parameter Pollution
- (15:44) - Schema Validators Won't Always Save You
- (16:51) - How Prototype Pollution Works
- (18:23) - Exploiting Schema Validators Through Prototype Pollution
- (21:50) - Mitigating Prototype Pollution Risks
- (25:21) - Consequences of Prototype Pollution
- (27:23) - Ways to Safely Merge Objects
- (30:03) - How Can TypeScript Developers Improve Their Security Posture?
- (33:17) - How Do LLMs Impact Secure Coding?
- (39:11) - Misplacing Trust in AI-Generated Code
- (41:10) - Can LLMs Review and Fix Secure Code?
- (45:57) - So We're All Doomed, Right?
- (48:31) - Bonus: Game Development as a Teaching Tool
- (54:48) - Where to Find Liran
Links
- Liran's website and blog
- Talk: Friend or Foe? TypeScript Security Fallacies
- Course: Node.js Security Course
- Book: Essential Node.js Security
- Book: Serverless Security
- Tool: npq (welcoming contributions!)
- https://github.com/lirantal/is-website-vulnerable
- Game: Dependency Frost
- Paper: Are AI-generated fixes secure? (July 2025)
Sponsored by Excalibur.js
Excalibur.js is the friendly TypeScript game engine for making 2D web games. Use your TypeScript or JavaScript skills to make games! Excalibur comes out-of-the-box with everything you need to make web games, like physics, sprites, animations, sound effects, input, and particles. Design your assets with tools like Aseprite and Tiled, then load them natively using first-party plugins.
Music
Seahorse Dreams by Kubbi (Spotify)
57 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
TypeScript.fm - The Friendly Show for TypeScript Developers와 비슷한 콘텐츠
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Technical interviews about software topics.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Best Business Podcast (Gold), British Podcast Awards 2023 How do you build a fully electric motorcycle with no compromises on performance? How can we truly experience what the virtual world feels like? What does it take to design the first commercially available flying car? And how do you build a lightsaber? These are some of the questions this podcast answers as we share the moments where digital transforms physical, and meet the brilliant minds behind some of the most innovative products a ...
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
Feel brighter every day with our 20-minute pop-biz news podcast. The 3 business stories you need, with fresh takes you can pretend you came up with — Pairs perfectly with your morning oatmeal ritual. Hosted by Jack Crivici-Kramer & Nick Martell. Formerly known as “Snacks Daily”, Nick and Jack continue their podcast independent from Robinhood.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
