Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
محتوای ارائه شده توسط Changelog Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Changelog Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه JS Party: JavaScript, CSS, Web Development
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
3k
946
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k478
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Web dev security school
Manage episode 377644191 series 1391411
محتوای ارائه شده توسط Changelog Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Changelog Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
فصل ها
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 قسمت
اشتراک گذاری
Manage episode 377644191 series 1391411
محتوای ارائه شده توسط Changelog Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Changelog Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
فصل ها
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 قسمت
Όλα τα επεισόδια
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه JS Party: JavaScript, CSS, Web Development
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
3k946
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k478
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
