How To Write Secure JavaScript Applications

author Coding Tech   11 months ago

Thought you knew JavaScript security? Well, you don't. At least not as well as you thought you did. From CSRF to crypto, I'm going to teach you everything you absolutely must know to write secure JavaScript, web applications in particular, both front and backend. An emphasis will be put on teaching *practical* techniques and *best practices* that you can immediately go back to your company or organization and implement.

Among the topics we will cover are preventing common and not-so-common but still critical vulnerabilities in JavaScript code, including CSRF, command injection, improper password handling, broken authentication and authorization, bad cryptography, and more. We will also cover best practices for writing secure JavaScript code on both the front and backend. From properly implementing user management schemes to something as high-level as convincing your co-workers that security *does matter*, we will explore as much as possible in the time we have together.

Best of all, you *don't have to have security experience*! Come as you are, dive into the intertwined worlds of JavaScript and security, and learn how to write the most secure JavaScript and Node.js applications of your life.

EVENT: Nodevember 2016

SPEAKER: Jared Smith

PERMISSIONS: The original video was published on the Nodevember YouTube channel with the Creative Commons Attribution license (reuse allowed).

ORIGINAL SOURCE: https://www.youtube.com/watch?v=POmnL-PruAs&t=4s
