Stripe Engineer explains Client Security
Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy).
Show Notes
00:00 Welcome to Syntax!
00:31 Brought to you by Sentry.io.
00:57 Who is Alex Sexton?
04:44 Stripe dashboard is a work of art.
05:08 Tell us about the design system.
08:59 Who develops the iOS app?
09:50 Stripe's CSP (content security policy).
12:50 What even is a content security policy?
13:57 Douglas Crockford of Yahoo on security.
15:13 Security philosophy.
16:59 What about inline styles and inline JavaScript?
19:41 How do we safely set inline styles from JS?
20:20 Setting up with meta tags.
22:52 What are common situations that require security exceptions?
26:24 Potential damage with inline style tags.
32:45 Looping vulnerabilities.
36:32 What about JavaScript injection?
37:09 Myspace Sammy Worm.
42:02 Does a CSP stop code from running in the console?
43:28 What are some general security best practices?
46:35 Strategies for rolling out a CSP.
51:49 Final tip, Strict Dynamic.
56:36 Where does the CSP live within Stripe?
59:35 One last story.
01:01:20 Sick Picks + Shameless Plugs
All links available at syntax.fm/731
------------------------------------------------------------------------------
Hit us up on Socials!
Scott: / stolinski
Wes: / wesbos
Randy: / @randyrektor
Syntax: / syntaxfm
www.syntax.fm
Brought to you by Sentry.io
#webdevelopment #webdeveloper #javascript
Пікірлер: 11
This was a really good one - thanks to Alex Sexton for coming on and explaining how CSP works.
@nym49
4 ай бұрын
Super interesting topic! What about an episode regarding the security or insecurity of browser extensions? Not sure who'd be an expert on that topic, though 🤔
@WesBos
3 ай бұрын
@@nym49 We have one in the works actually - let me know if you have any questions
Yes - more like this please
The YayQuery podcast theme song was the best. I think I can still hear it.
conan o'brien ??
@AlexSexton
4 ай бұрын
how dare u
Hearing north americans shepishly say "nonce" always brightens my day without fail. Great episode!
Quite the coup getting Conan on the podcast, congrats.
first!
@WesBos
4 ай бұрын
second!