Download - 2018-044: Mike Samuels discusses NodeJS hardening initiatives | Podbean

Discover

Podcast Features
Your all-in-one podcasting solution.

Blog to Podcast
Turn your blog into an engaging podcast.
Livestream
High-performing audio live, without limits.

Podcast Studio
Easy-to-use audio recorder app.
Podbean AI
AI-Enhanced Audio Quality and Content Generation.

Podcast App
The best podcast player & podcast app.

Ads Marketplace
Join Ads Marketplace to earn money
through sponsorship on your podcast.

PodAds
Manage your ads with dynamic ad insertion capability.
Apple Podcasts Subscriptions Integration
Effortlessly publish and manage exclusive episodes for your
Apple Podcasts subscribers directly from Podbean.
Live Streaming
Receive livestream rewards from your audience and earn
recurring income from your Fan Club membership.

All Arts Business Comedy Education
Fiction Government Health & Fitness History Kids & Family
Leisure Music News Religion & Spirituality Science
Society & Culture Sports Technology True Crime TV & Film
Live

How to Start a Podcast
How to Start a Live Podcast
How to Monetize a podcast
How to Promote Your Podcast
How to Use Group Recording

Log in
Start your podcast for free

Podcasting
Monetization
Advertisers
Enterprise
Pricing
Discover

Log in

Sign up free

BrakeSec Education Podcast

News:Tech News

2018-044: Mike Samuels discusses NodeJS hardening initiatives

2018-12-18

Download Right click and do "save link as"

Mike Samuels

https://twitter.com/mvsamuel

https://github.com/mikesamuel/attack-review-testbed

https://nodejs-security-wg.slack.com/

Hardening NodeJS

Speaking engagement talks:

A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw

Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009

Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781

What is a package: (holy hell, why is this so complicated?)

A package is any of:

a) a folder containing a program described by a package.json file
b) a gzipped tarball containing (a)
c) a url that resolves to (b)
d) a @ that is published on the registry with ©
e) a @ that points to (d)
f) a that has a latest tag satisfying (e)
g) a git url that, when cloned, results in (a).

https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4

https://blog.risingstack.com/node-js-security-checklist/

https://www.npmjs.com/package/trusted-types

https://github.com/WICG/trusted-types/issues/31

view more

More Episodes

2020-034-Fortnite account selling, process change agility, IRS wanting to track the 'untrackable'

2020-09-14

2020-033-garmin hack, Tesla employee thwarted IP espionage, Slack RCE payout, and more!

2020-08-31

2020-032-Dr. Allan Friedman, SBOM, Software Transparency, and how the sausage is made - Part 2

2020-08-24

2020-031-Allan Friedman, SBOM, software transparency, and knowing how the sausage is made

2020-08-18

2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!

2020-08-10

2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA

2020-07-31

2020-028-Shlomi Oberman, RIPPLE20, supply chain security discussion, software bill of materials

2020-07-24

2020-027-RIPPLE20 Report, supply chain security, responsible disclosure, software development, and vendor care.

2020-07-16

2020-026- WISP PSA, PAN-OS vuln redux, F5 has a bad weekend, vuln scoring, Twitter advice, and more!

2020-07-08

2020-025-Cognizant breach, maze ransomware, PAN-OS CVE 2020-2021, SAML authentication walkthrough

2020-06-29

2020-024-Bit of news, Ripple20 vulns, IoT Security, windows error codes, captchas used for evil, Marine Momma

2020-06-24

2020-023-James Nelson from Illumio, cyber resilence, business continuity

2020-06-17

2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation

2020-06-10

2020-021- Derek Rook, redteam tactics, blue/redteam comms, and detection of testing

2020-06-01

2020-020-Andrew Shikiar - FIDO Alliance - making Cybersecurity more secure

2020-05-27

2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications

2020-05-20

2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training

2020-05-13

2020-017-Cameron Smith, business decisions, and how it affects Security

2020-05-05

2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1

2020-04-29

2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation

2020-04-21

←
2
3
4
5
6
7
8
9
10
11
→

012345678910111213141516171819

Get this podcast on your
phone, FREE

Download Podbean app on App Store

Download Podbean app on Google Play

Create your
podcast in
minutes

Full-featured podcast site
Unlimited storage and bandwidth
Comprehensive podcast stats
Distribute to Apple Podcasts, Spotify, and more
Make money with your podcast

Get started

It is Free

Podcast Services
MONETIZATION & MORE
KNOWLEDGE BASE
Support
Podbean

Privacy Policy
Cookie Policy
Terms of Use
Consent Preferences
Copyright © 2015-2024 Podbean.com