))
Building Secure TypeScript Applications | Liran Tal | Ep 28B
Manage episode 497534427 series 3642378
תוכן מסופק על ידי Erik Onarheim and Kamran Ayub. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Erik Onarheim and Kamran Ayub או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Liran Tal (lirantal.com) from Snyk joins us to dive deep into writing secure TypeScript applications. What's different compared to vanilla JavaScript security? Will schema validators fix all our woes? Can't we let LLMs find and fix security vulnerabilities? Liran educates us about the pitfalls and risks with misplacing trust in TypeScript and LLMs and what we can do to write more secure code.
Chapters
- (00:00) - Introducing Liran Tal
- (02:56) - What's Special About TypeScript Security vs. JavaScript Security?
- (04:23) - Misplacing Trust in Types
- (05:49) - Practical Examples of TypeScript Security Issues
- (08:43) - Why Does TypeScript Security Matter?
- (10:23) - TypeScript is Not a Security Tool
- (11:14) - How Does HTTP Parameter Pollution Work?
- (12:45) - Ways to Mitigate Parameter Pollution
- (15:44) - Schema Validators Won't Always Save You
- (16:51) - How Prototype Pollution Works
- (18:23) - Exploiting Schema Validators Through Prototype Pollution
- (21:50) - Mitigating Prototype Pollution Risks
- (25:21) - Consequences of Prototype Pollution
- (27:23) - Ways to Safely Merge Objects
- (30:03) - How Can TypeScript Developers Improve Their Security Posture?
- (33:17) - How Do LLMs Impact Secure Coding?
- (39:11) - Misplacing Trust in AI-Generated Code
- (41:10) - Can LLMs Review and Fix Secure Code?
- (45:57) - So We're All Doomed, Right?
- (48:31) - Bonus: Game Development as a Teaching Tool
- (54:48) - Where to Find Liran
Links
- Liran's website and blog
- Talk: Friend or Foe? TypeScript Security Fallacies
- Course: Node.js Security Course
- Book: Essential Node.js Security
- Book: Serverless Security
- Tool: npq (welcoming contributions!)
- https://github.com/lirantal/is-website-vulnerable
- Game: Dependency Frost
- Paper: Are AI-generated fixes secure? (July 2025)
Sponsored by Excalibur.js
Excalibur.js is the friendly TypeScript game engine for making 2D web games. Use your TypeScript or JavaScript skills to make games! Excalibur comes out-of-the-box with everything you need to make web games, like physics, sprites, animations, sound effects, input, and particles. Design your assets with tools like Aseprite and Tiled, then load them natively using first-party plugins.
Music
Seahorse Dreams by Kubbi (Spotify)
39 פרקים
שתפו
