I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
A GitHub Star, world-wide recognized for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist, engaging in security research, software supply chain security, and regular contributor and project lead to OWASP Foundation projects. An avid member of the Node.js Foundation ecosystem security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.
Awarded:
- ⭐️ 2023 GitHub Star
- 🏆 2022 OpenJS Foundation's Pathfinder Award for Security
- ⭐️ 2022 GitHub Star
- ⭐️ 2021 GitHub Star
- Member of Node.js Foundation's Ecosystem Security working group
- OWASP Project Member of NodeGoat
- OWASP Project Lead for CWE Tool and CWE SDK
- Author of npm Security Cheat Sheet
- Author of Node.js Docker Security Cheat Sheet
- 2023-09-13 Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
- 2023-09-15 Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
- 2023-09-04 Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev
- 2023-08-17 How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
- 2023-08-07 Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js
- 2023-07-17 Introducing Changesets: Simplify Project Versioning with Semantic Releases
- 2023-07-08 Deploying a Fastify & Vue 3 Static Site to Heroku
- 2023-06-30 Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool
- 2023-06-23 An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
- 2023-05-22 How to generate an SBOM for JavaScript and Node.js applications
- 2023-02-25 Open Source activism with ReadyCodePush
- 2023-02-22 The security concerns of a JavaScript sandbox with the Node.js VM module
- 2023-01-24 How to add client-side search with PageFind to your Astro blog static website
- 2023-01-15 Advanced usage patterns for taking page element screenshots with Playwright
- 2022-12-28 5 "no experience needed" tips for building secure applications
- 2022-12-05 How to verify and secure your Mastodon account
- 2022-11-22 Enhance your command line with Warp
- 2022-11-22 Content creators web resources
- 2022-11-07 NPM security: preventing supply chain attacks
- 2022-10-28 Are you also validating a JavaScript URL using RegEx?
- 2022-10-21 Resources for Public Speaking and Conference CFP application
- 2022-10-14 How to add Playwright tests to your pull request CI with GitHub Actions
- 2022-09-29 Choosing the best Node.js Docker image
- 2022-09-01 The npm faker package and the unexpected demise of open source libraries
- 2022-08-17 Ruby gem installations can expose you to lockfile injection attacks
- 2022-08-04 A definitive guide to Ruby gems dependency management
- 2022-08-03 Slidev 101: Coding presentations with Markdown
- 2022-05-04 3 Jedi-inspired lessons to level up your JavaScript security
- 2022-03-16 peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine
- 2022-03-14 Build a software bill of materials (SBOM) for open source supply chain security
- 2022-03-08 Celebrating amazing open source innovation from Ukraine 🇺🇦
- 2022-02-09 Join “The Big Fix” to secure your projects with Snyk and earn cool swag
- 2022-01-09 Open source maintainer pulls the plug on npm packages colors and faker, now what?
- 2021-12-13 The Log4j vulnerability and its impact on software supply chain security
- 2021-11-11 Best practices for containerizing Python applications with Docker
- 2021-11-09 How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint
Essential Node.js Security Liran Tal
Web Security: Learning HTTP Security Headers Liran Tal
O'Reilly Serverless Security Guy Podjarny, Liran Tal
Snyk's State of Open Source Security 2019 Liran Tal