Mike Samuel
https://github.com/mikesamuel/attack-review-testbed
https://nodejs-security-wg.slack.com/
Hardening NodeJS
Speaking engagement talks:
A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw
Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009
Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781
What is a package: (holy hell, why is this so complicated?)
A package is any of:
- a) a folder containing a program described by a package.json file
- b) a gzipped tarball containing (a)
- c) a url that resolves to (b)
- d) a <name>@<version> that is published on the registry with (c)
- e) a <name>@<tag> that points to (d)
- f) a <name> that has a latest tag satisfying (e)
- g) a git url that, when cloned, results in (a).
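The seven forms above are easier to reason about as a classifier. The block below is an added example, not code from the talk, the npm docs or the attack-review-testbed repo: it sorts an `npm install` argument or a package.json dependency entry into forms (a) through (g) using simplified regexes (an assumption of this example; npm's real parser is npm-package-arg and handles more cases), and then lists the entries that fetch code from somewhere other than the registry, which is where a supply-chain review should look first. The sample package.json is constructed for the example.

```javascript
// Regexes approximating how npm classifies a specifier; they are an
// assumption of this example, not npm's real parser (npm-package-arg).
const GIT_PREFIX = /^(git\+(ssh|https?|file)|git|github|gitlab|bitbucket|gist):/;
const GITHUB_SHORTHAND = /^[\w.-]+\/[\w.-]+(#[\w./-]*)?$/; // user/repo or user/repo#ref
const HTTP_URL = /^https?:\/\//;
const LOCAL_PATH = /^(file:|\.\.?\/|\/|~\/)/;
const TARBALL = /\.(tgz|tar\.gz|tar)$/;
// "" and "*" mean "any version"; anything opening with operators and a digit
// is treated as a semver range.
const SEMVER_RANGE = /^(|\*|x|X|[\s~^>=<v]*\d[\w\s~^>=<.*|+-]*)$/;
const DIST_TAG = /^[A-Za-z][\w.-]*$/; // latest, next, beta, ...

// Classify the part after "name@" (or a bare git/url/path argument).
function classifySpec(spec) {
  if (GIT_PREFIX.test(spec) || GITHUB_SHORTHAND.test(spec)) {
    return { form: 'g', what: 'git url, cloned to a folder', registry: false };
  }
  if (HTTP_URL.test(spec)) {
    return { form: 'c', what: 'url resolving to a tarball', registry: false };
  }
  if (LOCAL_PATH.test(spec)) {
    return TARBALL.test(spec)
      ? { form: 'b', what: 'local gzipped tarball', registry: false }
      : { form: 'a', what: 'local folder described by package.json', registry: false };
  }
  if (spec.startsWith('npm:')) {
    // alias: "foo@npm:bar@^1" installs bar under the name foo; classify bar
    return classifySpecifier(spec.slice('npm:'.length));
  }
  if (SEMVER_RANGE.test(spec)) {
    return { form: 'd', what: `registry version in range "${spec || '*'}"`, registry: true };
  }
  if (DIST_TAG.test(spec)) {
    return { form: 'e', what: `registry dist-tag "${spec}"`, registry: true };
  }
  return { form: '?', what: 'unrecognised specifier', registry: false };
}

// Split "name@spec" or "@scope/name@spec"; a missing spec yields null.
function splitName(arg) {
  const at = arg.indexOf('@', arg.startsWith('@') ? 1 : 0);
  return at === -1 ? [arg, null] : [arg.slice(0, at), arg.slice(at + 1)];
}

// Classify one `npm install` argument.
function classifySpecifier(arg) {
  const s = arg.trim();
  // Bare git/url/path arguments carry no package name.
  if (GIT_PREFIX.test(s) || GITHUB_SHORTHAND.test(s) || HTTP_URL.test(s) || LOCAL_PATH.test(s)) {
    return classifySpec(s);
  }
  const [, spec] = splitName(s);
  if (spec === null) {
    return { form: 'f', what: 'registry package via its latest tag', registry: true };
  }
  return classifySpec(spec);
}

// Walk the dependency maps of a parsed package.json and list every entry
// whose code does not come from the registry (forms a, b, c and g).
function nonRegistryDeps(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const r = classifySpecifier(`${name}@${spec}`);
      if (!r.registry) out.push({ field, name, spec, form: r.form, what: r.what });
    }
  }
  return out;
}

// Constructed sample package.json; none of these packages or hosts are real.
const samplePackageJson = {
  dependencies: {
    'express': '^4.17.1',                                     // (d)
    'left-pad': 'latest',                                     // (e)
    '@scope/utils': '1.x',                                    // (d)
    'my-fork': 'github:someone/my-fork#hardening',            // (g)
    'vendored': 'file:./vendor/vendored',                     // (a)
    'prebuilt': 'https://example.invalid/prebuilt-1.0.0.tgz', // (c)
  },
  devDependencies: {
    'tarred': './local/tarred-0.1.0.tgz',                     // (b)
    'aliased': 'npm:real-name@^2.0.0',                        // alias -> (d)
  },
};

for (const d of nonRegistryDeps(samplePackageJson)) {
  console.log(`${d.field}: ${d.name} -> form (${d.form}), ${d.what}`);
}
```

Forms (c) and (g) install whatever the URL or repository serves at install time, so pin them to a commit or a lockfile-recorded resolution and integrity hash rather than a branch name or a mutable URL. The registry forms still deserve review, but at least their tarballs are the ones the registry published under that name and version.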
https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4
https://blog.risingstack.com/node-js-security-checklist/
https://www.npmjs.com/package/trusted-types
https://github.com/WICG/trusted-types/issues/31