731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

This podcast episode covers a range of topics related to front end web development, including the history and evolution of jQuery, Stripe, design systems, Content Security Policy (CSP), inline styles, CSS security, JavaScript worms, and best practices for implementing CSP. The conversation includes insights from experienced developers who discuss the challenges, limitations, and best practices associated with these technologies.

Outlines

Sign in to continue reading, translating and more.

Continue

Syntax - Tasty Web Development Treats

The Origin of Stripe, jQuery, and Modernizr: A Conversation with Alex Sexton

Stripe's Design System Evolution and Integration Across Products

Content Security Policy: A Comprehensive Guide for Client-Side Security

Content Security Policy: Enabling What You Need

Mitigating the Risks of Content Security Policy (CSP) in Large-Scale Applications

The Dangers of Inline Styles: Clickjacking, CSS Link Knocking, and More

Uncovering the Power of CSS for Defacement and Data Exfiltration

Uncovering JavaScript Worms: From Samy to In-App Browser Manipulations

CSP Best Practices for Developers and the Importance of Early Implementation

CSP Implementation: Strategies, Best Practices, and Gotchas

Securing Web Applications: Threat Models, CSP, and Inline Styles in React

CSP in Development and Staging Environments: Best Practices and Lessons Learned

Mike West: Author of the CSP Spec and a Huge Fingerprint on the Security Landscape

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Syntax - Tasty Web Development Treats

00:00The Origin of Stripe, jQuery, and Modernizr: A Conversation with Alex Sexton

The Origin of Stripe, jQuery, and Modernizr: A Conversation with Alex Sexton

05:08Stripe's Design System Evolution and Integration Across Products

Stripe's Design System Evolution and Integration Across Products

09:53Content Security Policy: A Comprehensive Guide for Client-Side Security

Content Security Policy: A Comprehensive Guide for Client-Side Security

15:59Content Security Policy: Enabling What You Need

Content Security Policy: Enabling What You Need

21:29Mitigating the Risks of Content Security Policy (CSP) in Large-Scale Applications

Mitigating the Risks of Content Security Policy (CSP) in Large-Scale Applications

25:49The Dangers of Inline Styles: Clickjacking, CSS Link Knocking, and More

The Dangers of Inline Styles: Clickjacking, CSS Link Knocking, and More

30:45Uncovering the Power of CSS for Defacement and Data Exfiltration

Uncovering the Power of CSS for Defacement and Data Exfiltration

37:02Uncovering JavaScript Worms: From Samy to In-App Browser Manipulations

Uncovering JavaScript Worms: From Samy to In-App Browser Manipulations

41:45CSP Best Practices for Developers and the Importance of Early Implementation

CSP Best Practices for Developers and the Importance of Early Implementation

46:35CSP Implementation: Strategies, Best Practices, and Gotchas

CSP Implementation: Strategies, Best Practices, and Gotchas

50:14Securing Web Applications: Threat Models, CSP, and Inline Styles in React

Securing Web Applications: Threat Models, CSP, and Inline Styles in React

54:55CSP in Development and Staging Environments: Best Practices and Lessons Learned

CSP in Development and Staging Environments: Best Practices and Lessons Learned

58:46Mike West: Author of the CSP Spec and a Huge Fingerprint on the Security Landscape

Mike West: Author of the CSP Spec and a Huge Fingerprint on the Security Landscape