2018-044: Mike Samuels discusses NodeJS hardening initiatives
Published December 18, 2018 | 56 min

    Mike Samuels

    https://twitter.com/mvsamuel


    https://github.com/mikesamuel/attack-review-testbed

    https://nodejs-security-wg.slack.com/



    Hardening NodeJS


    Speaking engagement talks:

    A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw

    Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009

    Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781



    What is a package: (holy hell, why is this so complicated?)

    A package is any of:

    a) a folder containing a program described by a package.json file
    b) a gzipped tarball containing (a)
    c) a URL that resolves to (b)
    d) a <name>@<version> that is published on the registry with (c)
    e) a <name>@<tag> that points to (d)
    f) a <name> that has a "latest" tag satisfying (e)
    g) a git URL that, when cloned, results in (a).


    https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4


    https://blog.risingstack.com/node-js-security-checklist/


    https://www.npmjs.com/package/trusted-types

    https://github.com/WICG/trusted-types/issues/31
