This week we talk security, a crucial part of any web app. We talk about security in general, what we do to secure and protect CodePen users, and what you can do to protect your web app.
- 2:00 You should be hashing and salting usernames and passwords.
- 2:43 After salting, even if a hacker brute-forces one of the passwords, the rest are safe (every other hash still has to be attacked separately).
- 3:20 Other steps you can take: prevent SQL injection and keep your software up to date (we use Rails).
- 7:10 What happens if someone gets access to a CodePen account?
- 9:00 How we handle credit card security on CodePen
- 11:02 Locking down laptops and phones as mandatory business policy
- 12:30 What is XSS? (Cross-site scripting, which in practice means injected script getting access to web session cookies, so if someone can steal your session, they can log in to sites as you)
- 14:32 How we securely execute JavaScript inside Pens
- 16:25 Sandboxing iframes
- 21:05 Some tricky JavaScript things that get run in CodePens
- 23:14 Content Security Policy
- 26:50 Allowing backend code (preprocessing) to be written in Pens
- 28:07 Blacklisting constants and staying on top of Ruby upgrades
- 30:12 Worst-case scenario
- 30:50 Preventing bitcoin mining operations from being run on our servers
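The 2:00 and 2:43 points above, as an added worked example (not CodePen's code; the episode only says they hash and salt, not which library). It uses PBKDF2 from Ruby's standard `openssl` library as a stand-in for whatever CodePen actually runs, with a constructed user table. The last two functions show the property from 2:43: with unsalted hashes, cracking one user's password also exposes everyone with the same password, while with per-user salts a cracked hash tells the attacker nothing about any other account.

```ruby
require 'openssl'
require 'securerandom'

# PBKDF2 parameters for this demo (assumed values, not CodePen's settings).
# Production deployments should use a higher work factor or a memory-hard KDF.
ITERATIONS = 100_000
KEY_LEN    = 32
DIGEST     = 'sha256'

# Derive a salted hash; the stored form is "salt_hex$hash_hex" so the salt
# travels with the hash and no separate column is needed.
def hash_password(password, salt = SecureRandom.random_bytes(16))
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, DIGEST)
  "#{salt.unpack1('H*')}$#{key.unpack1('H*')}"
end

# Constant-time byte comparison so a verifier cannot be timed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derive with the stored salt and compare.
def verify_password(password, stored)
  salt_hex, hash_hex = stored.split('$', 2)
  salt = [salt_hex].pack('H*')
  candidate = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, DIGEST)
  secure_equal?(candidate, [hash_hex].pack('H*'))
end

# The weak scheme for comparison: a plain, unsalted digest.
def unsalted_hash(password)
  OpenSSL::Digest::SHA256.hexdigest(password)
end

# Attack model for unsalted hashes: hash the guess list once, then look up
# every stored hash in that one table. Cost is guesses.size, not users * guesses.
def crack_unsalted(stored, guesses)
  table = guesses.to_h { |g| [unsalted_hash(g), g] }
  stored.transform_values { |h| table[h] }
end

# Attack model for salted hashes: no shared table is possible, the KDF must be
# rerun against each user's own salt. Cost is users * guesses KDF calls.
def crack_salted(stored, guesses)
  stored.transform_values { |entry| guesses.find { |g| verify_password(g, entry) } }
end

# Once one user's hash is cracked, which other users are exposed for free?
# Any user whose stored value is identical, which happens only without salts.
def users_sharing_hash(stored, user)
  stored.select { |u, h| u != user && h == stored[user] }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: two users who happen to pick the same password.
  unsalted = { 'alice' => unsalted_hash('hunter2'), 'bob' => unsalted_hash('hunter2') }
  salted   = { 'alice' => hash_password('hunter2'), 'bob' => hash_password('hunter2') }
  guesses  = %w[password letmein hunter2]

  puts "unsalted: #{crack_unsalted(unsalted, guesses)}"
  puts "unsalted, exposed with alice: #{users_sharing_hash(unsalted, 'alice')}"
  puts "salted:   #{crack_salted(salted, guesses)}"
  puts "salted, exposed with alice:   #{users_sharing_hash(salted, 'alice')}"
end
```

Both attacks still recover `hunter2` for a user with a guessable password; the salt does not rescue a weak password. What it changes is that the attacker's work does not carry over between accounts, which is the "the rest are safe" point from the episode.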
Show Links: