Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
Episode Synopsis
Recording date: 12/1/2022

John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross

Brought to you by
AG Grid
IdeaBlade

Resources:
Feross Aboukhadijeh’s website
Feross Aboukhadijeh’s GitHub
Log4j
The Federal Trade Commission’s (FTC) note on Log4j
Socket – Secure your JavaScript supply chain
What’s really going on in your node_modules folder?
Vulnerability scanning isn’t enough to protect your app
Auditing npm packages for security vulnerabilities
GitHub Dependabot
List of package security issues that Socket detects
List of npm packages that have been removed from npm for security reasons
Feross’s Web Security class at Stanford University
Darknet Diaries
DEFCON conference
Have I Been Pwned?
Troy Hunt
1% of CMS-Powered Sites Expose Their Database Passwords

Timejumps
00:44 World Cup welcome
02:08 Security in applications
03:20 Guest introduction
04:41 Why should you worry about your software supply chain?
07:41 Sponsor: Ag Grid
08:50 What's the attack vector like and what's the threat?
15:54 Depending on dependencies to find security issues
22:16 Sponsor: IdeaBlade
23:13 Make it easy to do the right thing
29:16 What was log4j?
33:45 How does Socket work?
34:36 Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions.