Recording date: 12/1/2022

John Papa @John_Papa

Ward Bell @WardBell

Dan Wahlin @DanWahlin

Craig Shoemaker @craigshoemaker

Feross Aboukhadijeh @Feross

Brought to you by

• AG Grid
• IdeaBlade

Resources:

• Feross Aboukhadijeh’s website
• Feross Aboukhadijeh’s GitHub
• Log4j
• The Federal Trade Commission’s (FTC) note on Log4j
• Socket – Secure your JavaScript supply chain
• What’s really going on in your node_modules folder?
• Vulnerability scanning isn’t enough to protect your app
• Auditing npm packages for security vulnerabilities
• GitHub Dependabot
• List of package security issues that Socket detects
• List of npm packages that have been removed from npm for security reasons
• Feross’s Web Security class at Stanford University
• Darknet Diaries
• DEFCON conference
• Have I Been Pwned?
• Troy Hunt
• 1% of CMS-Powered Sites Expose Their Database Passwords

Timejumps

• 00:44 World Cup welcome
• 02:08 Security in applications
• 03:20 Guest introduction
• 04:41 Why should you worry about your software supply chain?
• 07:41 Sponsor: Ag Grid
• 08:50 What's the attack vector like and what's the threat?
• 15:54 Depending on dependancies to find security issues
• 22:16 Sponsor: IdeaBlade
• 23:13 Make it easy to do the right thing
• 29:16 What was log4j?
• 33:45 How does Socket work?
• 34:36 Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions.