Last October, I was lucky enough to attend the first-ever Meteor Space Camp! True to its “unconference” roots, the weekend was punctuated by fantastic talks on a variety of Meteor topics, by a collection of amazing Meteor developers.
I decided to give a talk on Meteor security with a heavy focus on the importance of making assertions about user-provided data. The talk was called “Why You Should Always Check Your Arguments”, and it’s available on YouTube!
Take a look, and be sure to always check your arguments!