2018-044: Mike Samuels discusses NodeJS hardening initiatives - a podcast by Bryan Brake, Amanda Berlin, Brian Boettcher
from 2018-12-18T16:30:35
Mike Samuels
https://github.com/mikesamuel/attack-review-testbed
https://nodejs-security-wg.slack.com/
Hardening NodeJS
Speaking engagement talks:
A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw
Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009
Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781
What is a package: (holy hell, why is this so complicated?)
A package is any of:
- a) a folder containing a program described by a package.json file
- b) a gzipped tarball containing (a)
- c) a url that resolves to (b)
- d) a <name>@<version> that is published on the registry with (c)
- e) a <name>@<tag> that points to (d)
- f) a <name> that has a latest tag satisfying (e)
- g) a git url that, when cloned, results in (a).
https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4
https://blog.risingstack.com/node-js-security-checklist/
https://www.npmjs.com/package/trusted-types
https://github.com/WICG/trusted-types/issues/31