JS Party: JavaScript, CSS, Web Development
Technology
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
Leave us a comment
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
Featuring:
Show Notes:
Something missing or broken? PRs welcome!
Timestamps:
(00:00) - It's party time, y'all
(00:39) - Sponsor: Convex
(04:10) - Welcoming Ron Perris
(04:46) - Ron's background
(14:55) - NodeJS Security Working Group
(23:47) - Sponsor: Appwrite
(26:35) - Where to get started with security
(34:17) - String injectiony stuff
(39:42) - XSS protection
(43:40) - URL-based script injection
(50:41) - Who's responsible for security?
(52:38) - Sponsor: Changelog News
(54:19) - On security teams
(58:00) - On project security
(59:51) - Sanitize & render HTML
(1:04:45) - Secure server-side rendering
(1:05:55) - Avoid JSON injection attacks
(1:08:50) - User linter configs
(1:10:54) - Thomas Eckert's question
(1:13:57) - Why aren't people taught this?
(1:16:10) - The Loco Moco conference
(1:17:14) - Frontend vs backend security
(1:24:14) - Connecting with Ron
(1:25:45) - Next up on the pod (Join ++!)
Create your
podcast in
minutes
It is Free