Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to JS Party: JavaScript, CSS, Web Development
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
3k
962
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Making artificial intelligence practical, productive & accessible to everyone. Practical AI is a show in which technology professionals, business people, students, enthusiasts, and expert guests engage in lively discussions about Artificial Intelligence and related topics (Machine Learning, Deep Learning, Neural Networks, GANs, MLOps, AIOps, LLMs & more). The focus is on productive implementations and real-world scenarios that are accessible to everyone. If you want to keep up with the lates ...
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k483
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Web dev security school
Archived series ("Inactive feed" status)
When?
This feed was archived on December 02, 2025 01:34 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 377644191 series 1391411
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
Chapters
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 episodes
Share
Archived series ("Inactive feed" status)
When?
This feed was archived on December 02, 2025 01:34 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 377644191 series 1391411
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev
- Appwrite – Build Fast. Scale Big. All in One Place. Appwrite is a backend platform for developing Web, Mobile, and Flutter applications. Built with the open source community and optimized for developer experience in the coding languages you love.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
Show Notes:
- 10 React Security Best Practices Cheatsheet (by Ron Perris & Liran Tal)
- ZAP - the worlds most widely used web app scanner
- Loco Moco Security Conference in Hawai’i
- Node.js Ecosystem Security Working Group
- Node.js Security Bug Reporting
- Node.js Hacker One Page
- Node.js Third Party Labs Hacker One Page (now disabled)
- Python’s Advocate Library - for making secure HTTP requests on behalf of a third party
- DOMPurify - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- ESLint Security Plugin
- Content Security Policy
Something missing or broken? PRs welcome!
Chapters
1. It's party time, y'all (00:00:00)
2. Sponsor: Convex (00:00:39)
3. Welcoming Ron Perris (00:04:10)
4. Ron's background (00:04:46)
5. NodeJS Security Working Group (00:14:55)
6. Sponsor: Appwrite (00:23:47)
7. Where to get started with security (00:26:35)
8. String injectiony stuff (00:34:17)
9. XSS protection (00:39:42)
10. URL-based script injection (00:43:40)
11. Who's responsible for security? (00:50:41)
12. Sponsor: Changelog News (00:52:38)
13. On security teams (00:54:19)
14. On project security (00:58:00)
15. Sanitize & render HTML (00:59:51)
16. Secure server-side rendering (01:04:45)
17. Avoid JSON injection attacks (01:05:55)
18. User linter configs (01:08:50)
19. Thomas Eckert's question (01:10:54)
20. Why aren't people taught this? (01:13:57)
21. The Loco Moco conference (01:16:10)
22. Frontend vs backend security (01:17:14)
23. Connecting with Ron (01:24:14)
24. Next up on the pod (Join ++!) (01:25:45)
361 episodes
Όλα τα επεισόδια
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to JS Party: JavaScript, CSS, Web Development
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
3k962
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Making artificial intelligence practical, productive & accessible to everyone. Practical AI is a show in which technology professionals, business people, students, enthusiasts, and expert guests engage in lively discussions about Artificial Intelligence and related topics (Machine Learning, Deep Learning, Neural Networks, GANs, MLOps, AIOps, LLMs & more). The focus is on productive implementations and real-world scenarios that are accessible to everyone. If you want to keep up with the lates ...
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k483
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
