Show notes
Key Topics on Access Control Podcast: Episode 4 – Offensive Security and the JavaScript Ecosystem
- Auth0 is a platform that provides centralized login and identity for other companies.
- The offensive security team at Auth0 is an internal team that acts as a trusted adversary: it attempts to hack the company and then provides a report, which a regular adversary on the internet won't do.
- The challenges faced as VP of Security at npm were scale and availability: keeping the registry online so that you could get your packages.
- Malicious packages on npm were definitely a challenge. The damaging attacks were when an account was actually taken over.
- The problem with 2FA was that it wasn't friendly for publishing.
- One security tip for building new applications is having less attackable surface.