Start tilbuddet

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

0 Anmeldelser
0
Episode
732 of 925
Længde
1T 3M
Sprog
Engelsk
Format
Kategori
Fakta

Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard is a work of art. 05:08 Tell us about the design system. React Aria

08:59 Who develops the iOS app? 09:50 Stripe’s CSP (content security policy). 12:50 What even is a content security policy? Content Security Policy explanation

13:57 Douglas Crockford of Yahoo on security. Douglas on GitHub

15:13 Security philosophy. 16:59 What about inline styles and inline JavaScript? 19:41 How do we safely set inline styles from JS? 20:20 Setting up with meta tags. 22:52 What are common situations that require security exceptions? 26:24 Potential damage with inline style tags. 32:45 Looping vulnerabilities. 36:32 What about JavaScript injection? 37:09 Myspace Samy Worm. Myspace Samy Worm Wiki

Sentry.io Security Policy Reporting

42:02 Does a CSP stop code from running in the console? 43:28 What are some general security best practices? 46:35 Strategies for rolling out a CSP. 51:49 Final tip, Strict Dynamic. Strict Dynamic

56:36 Where does the CSP live within Stripe? Original Black Friday story

59:35 One last story. 01:01:20 Sick Picks + Shameless Plugs Sick Picks + Shameless Plugs Alex: Wes Bos’ Instagram

Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Previous EpisodeNext Episode

Lyt når som helst, hvor som helst

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

  • Lyt og læs så meget du har lyst til
  • Opdag et kæmpe bibliotek fyldt med fortællinger
  • Eksklusive titler + Mofibo Originals
  • Opsig når som helst
Prøv nu
DK - Details page - Device banner - 894x1036

Other podcasts you might like ...

  1. The Book ReviewThe New York Times
  2. M’usa, con l’apostrofo. Le donne di PicassoLetizia Bravi
  3. FC PopCornFilm Companion
  4. DiskoteksbrandenAntonio de la Cruz
  5. Dragon gateEdith Söderström
  6. En amerikansk epidemiPatrick Stanelius
  7. En värld i brand: Andra världskriget och sanningenAnton Vretander
  8. FamiljenFrida Anund
  9. Försvunnen: Fallet ToveMaria Thulin
  10. Hagen-fallet: Spårlöst försvunnenAntonio de la Cruz
  1. The Book ReviewThe New York Times
  2. M’usa, con l’apostrofo. Le donne di PicassoLetizia Bravi
  3. FC PopCornFilm Companion
  4. DiskoteksbrandenAntonio de la Cruz
  5. Dragon gateEdith Söderström
  6. En amerikansk epidemiPatrick Stanelius
  7. En värld i brand: Andra världskriget och sanningenAnton Vretander
  8. FamiljenFrida Anund
  9. Försvunnen: Fallet ToveMaria Thulin
  10. Hagen-fallet: Spårlöst försvunnenAntonio de la Cruz
Læs mere
Udforsk
Brugbare links
Sprog og region

  • Dansk

  • Danmark

  • App Store
  • Google Play
Følg os