I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities |
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities |
A GitHub Star, world-wide recognized for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist , engaging in security research, software supply chain security, and regular contributor and project lead to OWASP Foundation projects. An avid member of the Node.js Foundation ecosystem security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.
Awarded:
- βοΈ 2023 GitHub Star
- π 2022 OpenJS Foundation's Pathfinder Award for Security
- βοΈ 2022 GitHub Star
- βοΈ 2021 GitHub Star
- Member of Node.js Foundation's Ecosystem Security working group
- OWASP Project Member of NodeGoat
- OWASP Project Lead for CWE Tool and CWE SDK
- Author of npm Security Cheat Sheet
- Author of Node.js Docker Security Cheat Sheet
- 2023-09-13 Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
- 2023-09-15 Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
- 2023-09-04 Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev
- 2023-08-17 How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
- 2023-08-07 Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js
- 2023-07-17 Introducing Changesets: Simplify Project Versioning with Semantic Releases
- 2023-07-08 Deploying a Fastify & Vue 3 Static Site to Heroku
- 2023-06-30 Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool
- 2023-06-23 An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
- 2023-05-22 How to generate an SBOM for JavaScript and Node.js applications
- 2023-02-25 Open Source activism with ReadyCodePush
- 2023-02-22 The security concerns of a JavaScript sandbox with the Node.js VM module
- 2023-01-24 How to add client-side search with PageFind to your Astro blog static website
- 2023-01-15 Advanced usage patterns for taking page element screenshots with Playwright
- 2022-12-28 5 "no experience needed" tips for building secure applications
- 2022-12-05 How to verify and secure your Mastodon account
- 2022-11-22 Enhance your command line with Warp
- 2022-11-22 Content creators web resources
- 2022-11-07 NPM security: preventing supply chain attacks
- 2022-10-28 Are you also validating a JavaScript URL using RegEx?
- 2022-10-21 Resources for Public Speaking and Conference CFP application
- 2022-10-14 How to add Playwright tests to your pull request CI with GitHub Actions
- 2022-09-29 Choosing the best Node.js Docker image
- 2022-09-01 The npm faker package and the unexpected demise of open source libraries
- 2022-08-17 Ruby gem installations can expose you to lockfile injection attacks
- 2022-08-04 A definitive guide to Ruby gems dependency management
- 2022-08-03 Slidev 101: Coding presentations with Markdown
- 2022-05-04 3 Jedi-inspired lessons to level up your JavaScript security
- 2022-03-16 peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine
β οΈ - 2022-03-14 Build a software bill of materials (SBOM) for open source supply chain security
- 2022-03-08 Celebrating amazing open source innovation from Ukraine πΊπ¦
- 2022-02-09 Join βThe Big Fixβ to secure your projects with Snyk and earn cool swag
- 2022-01-09 Open source maintainer pulls the plug on npm packages colors and faker, now what?
- 2021-12-13 The Log4j vulnerability and its impact on software supply chain security
- 2021-11-11 Best practices for containerizing Python applications with Docker
- 2021-11-09 How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint
Essential Node.js Security Liran Tal |
Web Security: Learning HTTP Security Headers Liran Tal |
O'Reilly Serverless Security Guy Podjarny, Liran Tal |
Snyk's State of Open Source Security 2019 Liran Tal |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent