ShopTalk Show

A weekly podcast about building websites from Dave Rupert and Chris Coyier. Please subscribe where you prefer. Join us on Discord by supporting the show on Patreon.

Send in Discussion Topic →or Ask a Question or whatever
Search

250: Web Security

Download MP3

We're talking web security with a couple of web security experts - April King and Alex Sexton. We talk through the ways your site can get attacked and then cover the key things you can do to protect yourself from the majority of attacks.

Tags:

Guests

April King

Web · Social

April is a security engineer at Mozilla.

Alex Sexton

Web · Social

Alex is a front-end infrastructure engineer at Stripe.

Time Jump Links

  • 5:30 Who picked the scores for the Mozilla observatory test suite?
  • 7:20 Are these attacks a back end problem or a front end problem?
  • 9:01 What is HTTPS and why do I need it?
  • 13:30 It's pretty safe to assume at least somebody is listening to your traffic
  • 16:30 Why wouldn't a site use HTTPS everywhere?
  • 17:35 Should I use it for my blog?
  • 26:35 What's XSS?
  • 29:50 How do I stop XSS attacks?
  • 34:50 How do you set CSP?
  • 44:20 Inline stylesheets as an anti-pattern.
  • 50:00 What's CSRF?
  • 53:00 What's CORS?
  • 55:40 What's sub-resource integrity?
  • 1:02:00 What happens if my site gets an F from Mozilla observatory?
  • 1:07:30 How long does it take to secure my site and how do I know I did it right?
  • 1:12:10 What tools do I use to test my site?

Related Shows