Feross Aboukhadijeh talks with us about security issues, how to find them, and ways to secure your web app or open source code.
const podcast = {
  episode: 214,
  title: 'Securing Your Web Apps and Source Code',
  topics: [
    'security', 'open source', 'logging'
  ],
  guest: 'Feross Aboukhadijeh',
  hosts: [
    'John Papa', 'Craig Shoemaker'
  ]
};
Recording date: 12/1/2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross
Resources:
- Feross Aboukhadijeh’s website
- Feross Aboukhadijeh’s GitHub
- Log4j
- The Federal Trade Commission’s (FTC) note on Log4j
- Socket – Secure your JavaScript supply chain
- What’s really going on in your node_modules folder?
- Vulnerability scanning isn’t enough to protect your app
- Auditing npm packages for security vulnerabilities
- GitHub Dependabot
- List of package security issues that Socket detects
- List of npm packages that have been removed from npm for security reasons
- Feross’s Web Security class at Stanford University
- Darknet Diaries
- DEFCON conference
- Have I Been Pwned?
- Troy Hunt
- 1% of CMS-Powered Sites Expose Their Database Passwords
Timejumps
- 00:44 World Cup welcome
- 02:08 Security in applications
- 03:20 Guest introduction
- 04:41 Why should you worry about your software supply chain?
- 07:41 Sponsor: Ag Grid
- 08:50 What's the attack vector like and what's the threat?
- 15:54 Depending on dependencies to find security issues
- 22:16 Sponsor: IdeaBlade
- 23:13 Make it easy to do the right thing
- 29:16 What was Log4j?
- 33:45 How does Socket work?
- 34:36 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.