AiA 268: Secure Angular Apps with Philippe De Ryck
In this episode of Adventures in Angular, the panel interviews Philippe De Ryck, a web security expert from Belgium, who shares ways for Angular developers to better secure their apps. Philippe explains to the panel that his goal is not to shame developers but to inspire them to do what they can. He knows most developers are just trying to get as much done as possible in the time that they have.
The episode starts with some scary security stories. Philippe invites everyone to check out the OWASP Top Ten project. It has lists of the top ten security measures you should be taking, with lists for different ecosystems and types of projects, so there is something there for everyone. Philippe explains what types of attacks are most common today.
The panel asks how you can know that something is safe to install. Philippe explains that there are no guarantees. Sharing statistics, he tells the panel that it is worse than they thought: each package most likely depends on more packages, and the odds are high that one of those packages has vulnerable code. He explains what you can do to check for those vulnerabilities and to see whether they are exploitable.
Philippe shares recommendations for continuous monitoring services and other tools. He explains why Angular is the best framework for securing your apps and lists all the security features that come with Angular. He compares Angular, React, Ember, and Vue.
Philippe gives his opinion and recommendation on authentication libraries. He explains the differences between OpenID Connect and OAuth and how they work. The episode ends as Philippe shares his contact information and the conferences he will be attending and speaking at.
- Aaron Frost
- Jennifer Wadella
- Brian Love
- Alyssa Nicoll
- Philippe De Ryck
Adventures in Angular is produced by DevChat.TV in partnership with Hero Devs
- OWASP Top Ten Project
- GitHub dependency graph
- Angular and the OWASP top 10 | Philippe De Ryck
- The Parts of JWT Security Nobody Talks About | Philippe De Ryck, Google Developer Expert
- The listeners
- The sponsors
- The panel
Philippe De Ryck:
What is the OWASP top ten project?
Lists of the top ten security measures developers should take.
How do you know a package is safe to download?
There are no guarantees a package is safe.
What does Philippe recommend for authentication libraries?
He recommends using a service; they know what they are doing and will have the most sophisticated process.
What continuous monitoring service does Philippe use?
GitHub dependency graph and Snyk