September 21, 2023

Web dev security school (JS Party #293)

Listen Later

1 hour 26 minutes

This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!

Join the discussion

Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev

Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.

Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.

Featuring:

Ron Perris – GitHub, X
Amal Hussein – GitHub, X
Christopher Hiller – Website, GitHub, Mastodon, X

Show Notes:

10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)

ZAP - the worlds most widely used web app scanner

Loco Moco Security Conference in Hawai’i

Node.js Ecosystem Security Working Group

Node.js Security Bug Reporting

Node.js Hacker One Page

Node.js Third Party Labs Hacker One Page (now disabled)

Python’s Advocate Library - for making secure HTTP requests on behalf of a third party

DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

ESLint Security Plugin

Content Security Policy

Something missing or broken? PRs welcome!

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Changelog Master Feed

By Changelog Media

4.4

2929 ratings

September 21, 2023

Web dev security school (JS Party #293)

Listen Later

1 hour 26 minutes

This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!

Join the discussion

Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev

Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.

Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.

Featuring:

Ron Perris – GitHub, X
Amal Hussein – GitHub, X
Christopher Hiller – Website, GitHub, Mastodon, X

Show Notes:

10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)

ZAP - the worlds most widely used web app scanner

Loco Moco Security Conference in Hawai’i

Node.js Ecosystem Security Working Group

Node.js Security Bug Reporting

Node.js Hacker One Page

Node.js Third Party Labs Hacker One Page (now disabled)

Python’s Advocate Library - for making secure HTTP requests on behalf of a third party

DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

ESLint Security Plugin

Content Security Policy

Something missing or broken? PRs welcome!

...more

More shows like Changelog Master Feed

Software Engineering Radio - the podcast for professional software developers by team@se-radio.net (SE-Radio Team)

Software Engineering Radio - the podcast for professional software developers

273 Listeners

Hanselminutes with Scott Hanselman by Scott Hanselman

Hanselminutes with Scott Hanselman

382 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

288 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

626 Listeners

Talk Python To Me by Michael Kennedy

Talk Python To Me

583 Listeners

Soft Skills Engineering by Jamison Dance and Dave Smith

Soft Skills Engineering

287 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

44 Listeners

The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence) by Sam Charrington

The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)

443 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

985 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

180 Listeners

Practical AI by Practical AI LLC

Practical AI

212 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

63 Listeners

Big Technology Podcast by Alex Kantrowitz

Big Technology Podcast

512 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

67 Listeners