"Char Wars: The Path Traversal Strikes Back"
In these days of cyber warfare and targeted supply chain attacks on open source packages, we developers are more attentive to security vulnerabilities. Yet writing secure code to avoid security vulnerabilities is an entirely different paradigm that needs to be mastered. One such vulnerability is Path Traversal, and while it may sound harmless, it is in fact ubiquitous and presents a significant risk. My session will teach you how path traversal vulnerabilities manifest in everything from code in your own applications to code in dependencies to core modules in the Node.js runtime. Additionally, path traversal vulnerabilities may endanger your local development setup and lead to insecure Node.js applications risking your production environment. Join me to gain a new secure coding skill and learn how to mitigate this set of security vulnerabilities.
"Developer Security Essentials with Snyk"
Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI to CI/CD pipelines with GitHub Actions, and extend your knowledge from secure code and secure dependencies to building secure containers for your Node.js apps on Docker.
Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.