I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs.
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
A GitHub Star, recognized worldwide for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder Award for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist, engaging in security research and software supply chain security, and a regular contributor to and project lead of OWASP Foundation projects. An avid member of the Node.js Foundation Ecosystem Security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.
Awarded:
- ⭐️ 2023 GitHub Star
- 🏆 2022 OpenJS Foundation's Pathfinder Award for Security
- ⭐️ 2022 GitHub Star
- ⭐️ 2021 GitHub Star
- Member of Node.js Foundation's Ecosystem Security working group
- OWASP Project Member of NodeGoat
- OWASP Project Lead for CWE Tool and CWE SDK
- Author of npm Security Cheat Sheet
- Author of Node.js Docker Security Cheat Sheet
- 2023-09-13 Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
- 2023-09-15 Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
- 2023-09-04 Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev
- 2023-08-17 How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
- 2023-08-07 Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js
- 2023-07-17 Introducing Changesets: Simplify Project Versioning with Semantic Releases
- 2023-07-08 Deploying a Fastify & Vue 3 Static Site to Heroku
- 2023-06-30 Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool
- 2023-06-23 An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
- 2023-05-22 How to generate an SBOM for JavaScript and Node.js applications
- 2023-02-25 Open Source activism with ReadyCodePush
- 2023-02-22 The security concerns of a JavaScript sandbox with the Node.js VM module
- 2023-01-24 How to add client-side search with PageFind to your Astro blog static website
- 2023-01-15 Advanced usage patterns for taking page element screenshots with Playwright
- 2022-12-28 5 "no experience needed" tips for building secure applications
- 2022-12-05 How to verify and secure your Mastodon account
- 2022-11-22 Enhance your command line with Warp
- 2022-11-22 Content creators web resources
- 2022-11-07 NPM security: preventing supply chain attacks
- 2022-10-28 Are you also validating a JavaScript URL using RegEx?
- 2022-10-21 Resources for Public Speaking and Conference CFP application
- 2022-10-14 How to add Playwright tests to your pull request CI with GitHub Actions
- 2022-09-29 Choosing the best Node.js Docker image
- 2022-09-01 The npm faker package and the unexpected demise of open source libraries
- 2022-08-17 Ruby gem installations can expose you to lockfile injection attacks
- 2022-08-04 A definitive guide to Ruby gems dependency management
- 2022-08-03 Slidev 101: Coding presentations with Markdown
- 2022-05-04 3 Jedi-inspired lessons to level up your JavaScript security
- 2022-03-16 peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine
- 2022-03-14 Build a software bill of materials (SBOM) for open source supply chain security
- 2022-03-08 Celebrating amazing open source innovation from Ukraine 🇺🇦
- 2022-02-09 Join “The Big Fix” to secure your projects with Snyk and earn cool swag
- 2022-01-09 Open source maintainer pulls the plug on npm packages colors and faker, now what?
- 2021-12-13 The Log4j vulnerability and its impact on software supply chain security
- 2021-11-11 Best practices for containerizing Python applications with Docker
- 2021-11-09 How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint
- Essential Node.js Security, Liran Tal
- Web Security: Learning HTTP Security Headers, Liran Tal
- O'Reilly Serverless Security, Guy Podjarny and Liran Tal
- Snyk's State of Open Source Security 2019, Liran Tal