Changelog Master Feed

Web dev security school (JS Party #293)

Listen Later

This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!

Join the discussion

Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!

Sponsors:

  • Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
  • Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
  • Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.

    • Featuring:

    • Ron Perris – GitHub, X
    • Amal Hussein – GitHub, X
    • Christopher Hiller – Website, GitHub, Mastodon, X

    Show Notes:

    • 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
    • ZAP - the worlds most widely used web app scanner
    • Loco Moco Security Conference in Hawai’i
    • Node.js Ecosystem Security Working Group
    • Node.js Security Bug Reporting
    • Node.js Hacker One Page
    • Node.js Third Party Labs Hacker One Page (now disabled)
    • Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
    • DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
    • ESLint Security Plugin
    • Content Security Policy

      • Something missing or broken? PRs welcome!

      ...more
      View all episodesView all episodes
      Download on the App Store
      Changelog Master FeedBy Changelog Media
      • 4.4
      • 4.4
      • 4.4
      • 4.4
      • 4.4

      4.4

      29 ratings

      More shows like Changelog Master Feed

      View all
      Software Engineering Radio by se-radio@computer.org

      Software Engineering Radio

      271 Listeners

      Hanselminutes with Scott Hanselman by Scott Hanselman

      Hanselminutes with Scott Hanselman

      383 Listeners

      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      289 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      622 Listeners

      Talk Python To Me by Michael Kennedy

      Talk Python To Me

      585 Listeners

      Soft Skills Engineering by Jamison Dance and Dave Smith

      Soft Skills Engineering

      289 Listeners

      Thoughtworks Technology Podcast by Thoughtworks

      Thoughtworks Technology Podcast

      43 Listeners

      The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence) by Sam Charrington

      The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)

      431 Listeners

      Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

      Syntax - Tasty Web Development Treats

      987 Listeners

      CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

      CoRecursive: Coding Stories

      190 Listeners

      Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

      Kubernetes Podcast from Google

      181 Listeners

      Practical AI by Practical AI LLC

      Practical AI

      207 Listeners

      The Stack Overflow Podcast by The Stack Overflow Podcast

      The Stack Overflow Podcast

      63 Listeners

      Big Technology Podcast by Alex Kantrowitz

      Big Technology Podcast

      498 Listeners

      Oxide and Friends by Oxide Computer Company

      Oxide and Friends

      62 Listeners