Thursday, November 1st, 2018
I (Tre’ Grisby) talked at a SFNode Meetup. The meetup was hosted by Quantcast in San Francisco, California. Quantcast was a great host and had one of the best receptions. I want to give a big thanks to Quantcast for being such a gracious host!
My talk was titled “Node.js Security, best practices”. It was a top ten list of security practices that are beneficial for anyone getting started in Node. The goal was to identify possible threats and tools a developer could use to minimize exposure to these threats.
I will not write out all my notes again here. Below are links to all the resources I used in the talk.
- Talking notes, in outline form ( github.com/Trewaters/SFNode-Nov-2018/blob/master/readme.md )
- Powerpoint slides ( github.com/Trewaters/SFNode-Nov-2018/blob/master/SFNode%20November%202018.pptx )
security.md
As part of my talk I introduced a thought. In the pursuit of making security more accessible, and reporting vulnerabilities easier, I asked the JavaScript open source ecosystem to start using a “security.md” file in GitHub repositories. ( Read more here… )
The tl;dr is… adding this file to the root directory should be a new standard. This file will have the project’s “security policy” and “vulnerability reporting expectations”. This way anyone that wants to report an issue can do so easily. This is modeled on the “security.txt” file. Check out my github repo and make comments to help me improve this proposed standard.
Please help me:
- Star this github repo ( https://github.com/Trewaters/SFNode-Nov-2018 )
- Follow me “@trewaters” on github ( https://github.com/Trewaters )
- Follow me on Twitter ( https://twitter.com/trewaters )