Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Contenu fourni par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Similaire à Syntax - Tasty Web Development Treats
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a developer and how the art and practice of software programming is changing our world. From Rails to React, from Java to Node.js, we host important conversations and fascinating guests that will help you understand how technology is made and where it’s headed. Hosted by Ben Popper, Cassidy Williams, and Ceora Ford, the Stack Overflow Podcast is your home for all things code.
…
continue reading
Become the best software developer you can be
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A podcast about web design and development.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !
Mettez-vous hors ligne avec l'application Player FM !
))
731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton
Manage episode 401279278 series 1469447
Contenu fourni par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy).
Show Notes- 00:00 Welcome to Syntax!
- 00:31 Brought to you by Sentry.io.
- 00:57 Who is Alex Sexton?
- 04:44 Stripe dashboard is a work of art.
- 05:08 Tell us about the design system.
- React Aria
- 08:59 Who develops the iOS app?
- 09:50 Stripe’s CSP (content security policy).
- 12:50 What even is a content security policy?
- Content Security Policy explanation
- 13:57 Douglas Crockford of Yahoo on security.
- Douglas on GitHub
- 15:13 Security philosophy.
- 16:59 What about inline styles and inline JavaScript?
- 19:41 How do we safely set inline styles from JS?
- 20:20 Setting up with meta tags.
- 22:52 What are common situations that require security exceptions?
- 26:24 Potential damage with inline style tags.
- 32:45 Looping vulnerabilities.
- 36:32 What about JavaScript injection?
- 37:09 Myspace Samy Worm.
- Myspace Samy Worm Wiki
- Sentry.io Security Policy Reporting
- 42:02 Does a CSP stop code from running in the console?
- 43:28 What are some general security best practices?
- 46:35 Strategies for rolling out a CSP.
- 51:49 Final tip, Strict Dynamic.
- Strict Dynamic
- 56:36 Where does the CSP live within Stripe?
- Original Black Friday story
- 59:35 One last story.
- 01:01:20 Sick Picks + Shameless Plugs
- Alex: Wes Bos’ Instagram
Syntax: X Instagram Tiktok LinkedIn Threads
Wes: X Instagram Tiktok LinkedIn Threads
778 episodes
Partager
Manage episode 401279278 series 1469447
Contenu fourni par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Wes Bos and Scott Tolinski - Full Stack JavaScript Web Developers ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy).
Show Notes- 00:00 Welcome to Syntax!
- 00:31 Brought to you by Sentry.io.
- 00:57 Who is Alex Sexton?
- 04:44 Stripe dashboard is a work of art.
- 05:08 Tell us about the design system.
- React Aria
- 08:59 Who develops the iOS app?
- 09:50 Stripe’s CSP (content security policy).
- 12:50 What even is a content security policy?
- Content Security Policy explanation
- 13:57 Douglas Crockford of Yahoo on security.
- Douglas on GitHub
- 15:13 Security philosophy.
- 16:59 What about inline styles and inline JavaScript?
- 19:41 How do we safely set inline styles from JS?
- 20:20 Setting up with meta tags.
- 22:52 What are common situations that require security exceptions?
- 26:24 Potential damage with inline style tags.
- 32:45 Looping vulnerabilities.
- 36:32 What about JavaScript injection?
- 37:09 Myspace Samy Worm.
- Myspace Samy Worm Wiki
- Sentry.io Security Policy Reporting
- 42:02 Does a CSP stop code from running in the console?
- 43:28 What are some general security best practices?
- 46:35 Strategies for rolling out a CSP.
- 51:49 Final tip, Strict Dynamic.
- Strict Dynamic
- 56:36 Where does the CSP live within Stripe?
- Original Black Friday story
- 59:35 One last story.
- 01:01:20 Sick Picks + Shameless Plugs
- Alex: Wes Bos’ Instagram
Syntax: X Instagram Tiktok LinkedIn Threads
Wes: X Instagram Tiktok LinkedIn Threads
778 episodes
Tous les épisodes
×
Bienvenue sur Lecteur FM!
Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.
Similaire à Syntax - Tasty Web Development Treats
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a developer and how the art and practice of software programming is changing our world. From Rails to React, from Java to Node.js, we host important conversations and fascinating guests that will help you understand how technology is made and where it’s headed. Hosted by Ben Popper, Cassidy Williams, and Ceora Ford, the Stack Overflow Podcast is your home for all things code.
…
continue reading
Become the best software developer you can be
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A podcast about web design and development.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !
Mettez-vous hors ligne avec l'application Player FM !
