2018-044: Mike Samuels discusses NodeJS hardening initiatives


Mike Samuels

https://twitter.com/mvsamuel

https://github.com/mikesamuel/attack-review-testbed

https://nodejs-security-wg.slack.com/

Hardening NodeJS

Speaking engagement talks:

A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw

Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009

Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781

What is a package: (holy hell, why is this so complicated?)

A package is any of:

  a) a folder containing a program described by a package.json file
  b) a gzipped tarball containing (a)
  c) a url that resolves to (b)
  d) a <name>@<version> that is published on the registry with (c)
  e) a <name>@<tag> that points to (d)
  f) a <name> that has a "latest" tag satisfying (e)
  g) a git url that, when cloned, results in (a).

https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4

https://blog.risingstack.com/node-js-security-checklist/

https://www.npmjs.com/package/trusted-types

https://github.com/WICG/trusted-types/issues/31
