In this episode of Adventures in Angular the panel interviews Phillipe De Ryck. Phillipe is a web security expert out of Belgium. He shares ways for Angular developers to better secure their apps. Phillipe explains to the panel that his goal is not to shame developers but inspire them to do what they can. He knows most developers are just trying to get as much done in the time that they have. In this episode, he shares ways for developers to improve the security of their apps.
The episode starts with some security scary stories. Phillipe invites everyone to check out the OWASP top ten projects. They have lists of the top ten security measures you should be doing, they have lists for different ecosystems and types of projects so there is something there for everyone. Phillipe explains what types of attacks are most common today.
The panel wonders how do you know something is safe to install. Phillipe explains that there are no guarantees. Sharing statistics Phillipe tells then panel that it is worse than they thought, each package is most likely dependent on more packages and the odds are high that one of those packages has vulnerable code. He explains what you can do to check for those vulnerabilities and to see if they are exploitable.
Phillipe shares recommendations for continuous monitoring services and other tools. He explains why Angular is the best framework for securing your apps and lists all the security features that come with Angular. He compares Angular, React, Amber, and Vue.
Phillipe gives his opinion and recommendation on authentication libraries. He explains the differences between OpenID Connect and Allout, explaining how they work. The episode ends as Phillipe shares his contact information and the conferences he will be attending and speaking at.
Philippe De Ryck
Adventures in Angular is produced by DevChat.TV in partnership with Hero Devs
Philippe De Ryck: