AiA 268: Secure Angular Apps with Philippe De Ryck

In this episode of Adventures in Angular the panel interviews Phillipe De Ryck. Phillipe is a web security expert out of Belgium. He shares ways for Angular developers to better secure their apps. Phillipe explains to the panel that his goal is not to shame developers but inspire them to do what they can. He knows most developers are just trying to get as much done in the time that they have. In this episode, he shares ways for developers to improve the security of their apps. The episode starts with some security scary stories. Phillipe invites everyone to check out the OWASP top ten projects. They have lists of the top ten security measures you should be doing, they have lists for different ecosystems and types of projects so there is something there for everyone. Phillipe explains what types of attacks are most common today. The panel wonders how do you know something is safe to install. Phillipe explains that there are no guarantees. Sharing statistics Phillipe tells then panel that it is worse than they thought, each package is most likely dependent on more packages and the odds are high that one of those packages has vulnerable code. He explains what you can do to check for those vulnerabilities and to see if they are exploitable. Phillipe shares recommendations for continuous monitoring services and other tools. He explains why Angular is the best framework for securing your apps and lists all the security features that come with Angular. He compares Angular, React, Amber, and Vue. Phillipe gives his opinion and recommendation on authentication libraries. He explains the differences between OpenID Connect and Allout, explaining how they work. The episode ends as Phillipe shares his contact information and the conferences he will be attending and speaking at. Panelists

• Aaron Frost
• Jennifer Wadella
• Brian Love
• Alyssa Nicoll

Guest

• Philippe De Ryck

Adventures in Angular is produced by DevChat.TV in partnership with Hero DevsSponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan
• Cachefly

Links

• OWASP Top Ten Project
• GitHub dependency graph
• https://snyk.io
• Angular and the OWASP top 10 | Philippe De Ryck |
• The Parts of JWT Security Nobody Talks About | Philippe De Ryck, Google Developer Expert
• https://twitter.com/philippederyck
• https://pragmaticwebsecurity.com
• https://www.facebook.com/adventuresinangular
• https://twitter.com/angularpodcast

PicksBrain Love:

• Angular Ivy

Jennifer Wadella:

• Red vs Blue
• Buttermilk-Marinated Roast Chicken

Aaron Frost:

• The listeners
• The sponsors
• The panel

Alyssa Nicoll:

• On a Scale of One to T-Rex

Philippe De Ryck:

• https://ng-be.org/

Special Guest: Philippe De Ryck.

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.