Web Rush

Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh

Episode Summary

Feross Aboukhadijeh talks with us about security issues, and how to find them, and ways to secure your web app or open source code.

Episode Notes

Recording date: 12/1/2022

John Papa @John_Papa

Ward Bell @WardBell

Dan Wahlin @DanWahlin

Craig Shoemaker @craigshoemaker

Feross Aboukhadijeh @Feross

Brought to you by

• AG Grid

  

• IdeaBlade

Resources:

• Feross Aboukhadijeh’s website
• Feross Aboukhadijeh’s GitHub
• Log4j
• The Federal Trade Commission’s (FTC) note on Log4j
• Socket – Secure your JavaScript supply chain
• What’s really going on in your node_modules folder?
• Vulnerability scanning isn’t enough to protect your app
• Auditing npm packages for security vulnerabilities
• GitHub Dependabot
• List of package security issues that Socket detects
• List of npm packages that have been removed from npm for security reasons
• Feross’s Web Security class at Stanford University
• Darknet Diaries
• DEFCON conference
• Have I Been Pwned?
• Troy Hunt
• 1% of CMS-Powered Sites Expose Their Database Passwords

Timejumps

• 00:44 World Cup welcome
• 02:08 Security in applications
• 03:20 Guest introduction
• 04:41 Why should you worry about your software supply chain?
• 07:41 Sponsor: Ag Grid
• 08:50 What's the attack vector like and what's the threat?
• 15:54 Depending on dependancies to find security issues
• 22:16 Sponsor: IdeaBlade
• 23:13 Make it easy to do the right thing
• 29:16 What was log4j?
• 33:45 How does Socket work?
• 34:36 Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions.