Did you know Feross taught Web Security at Stanford last Fall? On this episode, Divya and Nick enroll in his security school to learn about XSS, CSP, ambient authority, and a whole lot more.
Featuring:
- Feross Aboukhadijeh
- Nick Nisi
- Divya
Show Notes:
- JS Danger: OpenJS World Edition on YouTube
- CS 253 Web Security - YouTube Playlist
- CS 253 Course Website
- CSP
- Darknet Diaries on Samy
- Krebs on Security
- Clickjacking
- CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
- Reining in the Web with Content Security Policy
- Cross-Site Request Forgery Prevention Cheat Sheet
- Same-origin policy
- Cross-Site Request Forgery is dead!
- Incrementally Better Cookies
- SameSite cookies explained