Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
Feross Aboukhadijeh talks with us about security issues in the software supply chain, how to find them, and ways to secure your web app or open source code.
Recording date: 12/1/2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross
Resources:
- Feross Aboukhadijeh’s website
- Feross Aboukhadijeh’s GitHub
- Log4j
- The Federal Trade Commission’s (FTC) note on Log4j
- Socket – Secure your JavaScript supply chain
- What’s really going on in your node_modules folder?
- Vulnerability scanning isn’t enough to protect your app
- Auditing npm packages for security vulnerabilities
- GitHub Dependabot
- List of package security issues that Socket detects
- List of npm packages that have been removed from npm for security reasons
- Feross’s Web Security class at Stanford University
- Darknet Diaries
- DEFCON conference
- Have I Been Pwned?
- Troy Hunt
- 1% of CMS-Powered Sites Expose Their Database Passwords
Timejumps
- 00:44 World Cup welcome
- 02:08 Security in applications
- 03:20 Guest introduction
- 04:41 Why should you worry about your software supply chain?
- 07:41 Sponsor: Ag Grid
- 08:50 What's the attack vector like and what's the threat?
- 15:54 Depending on dependencies to find security issues
- 22:16 Sponsor: IdeaBlade
- 23:13 Make it easy to do the right thing
- 29:16 What was Log4j?
- 33:45 How does Socket work?
- 34:36 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.