Sign up to save your podcasts
Or
Share Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
Recording date: 12/1/2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross
Brought to you byAG Grid
IdeaBlade
- Feross Aboukhadijeh’s website
- Feross Aboukhadijeh’s GitHub
- Log4j
- The Federal Trade Commission’s (FTC) note on Log4j
- Socket – Secure your JavaScript supply chain
- What’s really going on in your node_modules folder?
- Vulnerability scanning isn’t enough to protect your app
- Auditing npm packages for security vulnerabilities
- GitHub Dependabot
- List of package security issues that Socket detects
- List of npm packages that have been removed from npm for security reasons
- Feross’s Web Security class at Stanford University
- Darknet Diaries
- DEFCON conference
- Have I Been Pwned?
- Troy Hunt
- 1% of CMS-Powered Sites Expose Their Database Passwords
- 00:44 World Cup welcome
- 02:08 Security in applications
- 03:20 Guest introduction
- 04:41 Why should you worry about your software supply chain?
- 07:41 Sponsor: Ag Grid
- 08:50 What's the attack vector like and what's the threat?
- 15:54 Depending on dependancies to find security issues
- 22:16 Sponsor: IdeaBlade
- 23:13 Make it easy to do the right thing
- 29:16 What was log4j?
- 33:45 How does Socket work?
- 34:36 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.
View all episodes
By Dan Wahlin, John Papa, Ward Bell, Craig Shoemaker
4.9
3737 ratings
Recording date: 12/1/2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross
Brought to you byAG Grid
IdeaBlade
- Feross Aboukhadijeh’s website
- Feross Aboukhadijeh’s GitHub
- Log4j
- The Federal Trade Commission’s (FTC) note on Log4j
- Socket – Secure your JavaScript supply chain
- What’s really going on in your node_modules folder?
- Vulnerability scanning isn’t enough to protect your app
- Auditing npm packages for security vulnerabilities
- GitHub Dependabot
- List of package security issues that Socket detects
- List of npm packages that have been removed from npm for security reasons
- Feross’s Web Security class at Stanford University
- Darknet Diaries
- DEFCON conference
- Have I Been Pwned?
- Troy Hunt
- 1% of CMS-Powered Sites Expose Their Database Passwords
- 00:44 World Cup welcome
- 02:08 Security in applications
- 03:20 Guest introduction
- 04:41 Why should you worry about your software supply chain?
- 07:41 Sponsor: Ag Grid
- 08:50 What's the attack vector like and what's the threat?
- 15:54 Depending on dependancies to find security issues
- 22:16 Sponsor: IdeaBlade
- 23:13 Make it easy to do the right thing
- 29:16 What was log4j?
- 33:45 How does Socket work?
- 34:36 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.