Offensive Security and the JavaScript Ecosystem

Show notes

Key Topics on Access Control Podcast: Episode 4 – Offensive Security and the JavaScript Ecosystem

  • Auth0 is a platform that provides centralized login and identity for other companies.
  • The offensive security team at Auth0 is an internal team acting as a trusted adversary: it attempts to hack the company and then provides a report, which is something a regular adversary on the internet won't provide.
  • Challenges faced as VP of Security at npm were scale and availability: keeping the registry online so that you could get your packages.
  • Malicious packages on npm were definitely a challenge. The damaging attacks were when an account was actually taken over.
  • The problem with 2FA is that it wasn't friendly for publishing.
  • One security tip for building new applications is to have a smaller attackable surface.
