SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security

SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security

Author: team@se-radio.net (SE-Radio Team) November 13, 2024 Duration: 1:07:32
Software Engineering Radio - the podcast for professional software developers
TechnologyEducation

Simon Wijckmans, founder of c/side -- a company that focuses on monitoring, securing, and optimizing third-party JavaScript -- joins SE Radio host Kanchan Shringi for a conversation about the security risks posed by third-party browser scripts. Through real-world examples and insights drawn from his work in web security, Simon highlights the dangers, including malicious attacks such as the recent Polyfill.io incident. He emphasizes the need for vigilant monitoring, as these third-party scripts remain essential for website functionalities like analytics, chatbots, and ads, despite their potential vulnerabilities. Simon explores the use of self-hosting solutions and content security policies (CSPs) to minimize risks, but he stresses that these measures alone are insufficient to fully safeguard websites. 

As the discussion continues, they delve into the importance of layering security approaches. Simon advocates for combining techniques like CSPs, real-time monitoring, and AI-driven analysis, which his company c/side employs to detect and block malicious scripts. He also touches on the complexities of securing single-page applications (SPAs), which allow scripts to persist across pages without full reloads, increasing the attack surface for third-party vulnerabilities. Brought to you by IEEE Computer Society and IEEE Software magazine.


For developers who build the world's most critical systems, Software Engineering Radio offers deep, substantive conversations that move beyond the hype cycle. This isn't about quick tips or news flashes; it's a dedicated audio library for career engineers seeking to solidify their foundational knowledge and explore advanced concepts. Each episode is crafted as an enduring resource, featuring either a comprehensive tutorial breaking down a specific technology or methodology, or a detailed interview with a leading practitioner shaping the field. You'll hear focused discussions on everything from low-level systems architecture and programming language design to team dynamics and project management, all through the lens of professional software creation. The content is exclusively produced for this podcast, ensuring thoughtful, in-depth analysis you won't find simply repackaged from conference talks. If your work demands a rigorous understanding of the craft, this is the podcast for you.
Author: Language: en-us Episodes: 100

Official website RSS
spotifydeezer
Software Engineering Radio - the podcast for professional software developers
Podcast Episodes
SE Radio 636: Sriram Panyam on SaaS Control Planes [not-audio_url] [/not-audio_url]

Duration: 1:02:23
Sriram Panyam, CTO at DagKnows, discusses SaaS Control Planes with SE Radio host Brijesh Ammanath. The discussion starts off with the basics, examining what control planes are and why they're important. Sriram then discu…
SE Radio 635: Stevie Caldwell on Zero-Trust Architecture [not-audio_url] [/not-audio_url]

Duration: 50:21
Stevie Caldwell, Senior Engineering Technical Lead at Fairwinds, joins host Priyanka Raghavan to discuss zero-trust network reference architecture. The episode begins with high-level definitions of zero-trust architectur…
SE Radio 634: Jim Bugwadia on Kubernetes Policy as Code [not-audio_url] [/not-audio_url]

Duration: 1:02:22
Jim Bugwadia, CEO of Nirmata and a committer to the Kyverno projects, joins host Robert Blumen for a discussion of policy-as-code and the open source Kyverno project. The discussion covers the nature of policies; policie…
SE Radio 632: Goran Petrovic on Mutation Testing at Google [not-audio_url] [/not-audio_url]

Duration: 55:59
Goran Petrovic, a Staff Software Engineer at Google, speaks with host Gregory M. Kapfhammer about how to perform mutation testing on large software systems. They explore the design and implementation of the mutation test…
SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack [not-audio_url] [/not-audio_url]

Duration: 44:00
Luis Rodríguez, CTO of Xygeni.io, joins host Robert Blumen for a discussion of the recently thwarted attempt to insert a backdoor in the SSH (Secure Shell) daemon. OpenSSH is a popular implementation of the protocol used…
SE Radio 629: Emily Bache on Katas and the Importance of Practice [not-audio_url] [/not-audio_url]

Duration: 51:52
Emily Bache, founder of the Samman Technical Coaching Society and author of several books about technical agile coaching, talks with SE Radio host Sam Taggart about katas and the importance of practice. They discuss how…
SE Radio 628: Hans Dockter on Developer Productivity [not-audio_url] [/not-audio_url]

Duration: 56:46
Hans Dockter, the creator of the Gradle build tool and founder of Gradle Inc, the company behind the developer productivity platform Develocity, joins SE Radio host Giovanni Asproni to talk about developer productivity.…
SE Radio 627: Chuck Weindorf on Leaders and Software Engineers [not-audio_url] [/not-audio_url]

Duration: 57:07
Chuck Weindorf, a retired IT director and chief engineer with nearly 40 years' experience in software engineering, joins host Jeff Doolittle for a conversation about the concepts in Chuck's book, Leaders & Software Engin…

«1...5678910»