Light

Liran Tal photo

lirantal Goto Github PK

followers: 2.0K following: 853.0 repos: 387.0 gists: 28.0

Name: Liran Tal

Type: User

Company: @snyk

Bio: 🦄 Node.js Secure Coding: nodejs-security.com 🌟 @GitHub Star 🏅 @OpenJS Pathfinder award for Security 🥑 DevRel at @snyksec

Twitter: liran_tal

Location: Tel Aviv, Israel

Blog: https://lirantal.com

Hi, I'm Liran 👋

I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs

Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

_{Node.js Secure Coding: Defending Against Command Injection Vulnerabilities}

Node.js Secure Coding:Prevention and Exploitation of Path Traversal Vulnerabilities

_{Node.js Secure Coding: Defending Against Command Injection Vulnerabilities}

Software Engineer · Web Security Activist · Author

A GitHub Star, world-wide recognized for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist , engaging in security research, software supply chain security, and regular contributor and project lead to OWASP Foundation projects. An avid member of the Node.js Foundation ecosystem security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.

Awarded:

⭐️ 2023 GitHub Star
🏆 2022 OpenJS Foundation's Pathfinder Award for Security
⭐️ 2022 GitHub Star
⭐️ 2021 GitHub Star

Web Security Activism

Member of Node.js Foundation's Ecosystem Security working group
OWASP Project Member of NodeGoat
OWASP Project Lead for CWE Tool and CWE SDK
Author of npm Security Cheat Sheet
Author of Node.js Docker Security Cheat Sheet

My latest articles on the Snyk blog and my blog

2023-09-13 Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
2023-09-15 Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
2023-09-04 Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev
2023-08-17 How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
2023-08-07 Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js
2023-07-17 Introducing Changesets: Simplify Project Versioning with Semantic Releases
2023-07-08 Deploying a Fastify & Vue 3 Static Site to Heroku
2023-06-30 Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool
2023-06-23 An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
2023-05-22 How to generate an SBOM for JavaScript and Node.js applications
2023-02-25 Open Source activism with ReadyCodePush
2023-02-22 The security concerns of a JavaScript sandbox with the Node.js VM module
2023-01-24 How to add client-side search with PageFind to your Astro blog static website
2023-01-15 Advanced usage patterns for taking page element screenshots with Playwright
2022-12-28 5 "no experience needed" tips for building secure applications
2022-12-05 How to verify and secure your Mastodon account
2022-11-22 Enhance your command line with Warp
2022-11-22 Content creators web resources
2022-11-07 NPM security: preventing supply chain attacks
2022-10-28 Are you also validating a JavaScript URL using RegEx?
2022-10-21 Resources for Public Speaking and Conference CFP application
2022-10-14 How to add Playwright tests to your pull request CI with GitHub Actions
2022-09-29 Choosing the best Node.js Docker image
2022-09-01 The npm faker package and the unexpected demise of open source libraries
2022-08-17 Ruby gem installations can expose you to lockfile injection attacks
2022-08-04 A definitive guide to Ruby gems dependency management
2022-08-03 Slidev 101: Coding presentations with Markdown
2022-05-04 3 Jedi-inspired lessons to level up your JavaScript security
2022-03-16 peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine ⚠️
2022-03-14 Build a software bill of materials (SBOM) for open source supply chain security
2022-03-08 Celebrating amazing open source innovation from Ukraine 🇺🇦
2022-02-09 Join “The Big Fix” to secure your projects with Snyk and earn cool swag
2022-01-09 Open source maintainer pulls the plug on npm packages colors and faker, now what?
2021-12-13 The Log4j vulnerability and its impact on software supply chain security
2021-11-11 Best practices for containerizing Python applications with Docker
2021-11-09 How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint

Published Author

Essential Node.js Security

_{Essential Node.js Security}
_{Liran Tal}

Web Security: Learning HTTP Security Headers

_{Web Security: Learning HTTP Security Headers}
_{Liran Tal}

O'Reilly Serverless Security

_{O'Reilly Serverless Security}
_{Guy Podjarny, Liran Tal}

State of Open Source Security 2019

_{Snyk's State of Open Source Security 2019}
_{Liran Tal}

Liran Tal's Projects

012cable

A QT-based PPTP dialer for Linux users of the 012 Israel ISP

action-my-markdown-linter

Style checking and linting for Markdown files

admin

Facilitating joint collaboration amongst the TSC and CommComm

agilemanager-api

HPE's Agile Manager client API module for NodeJS

alexanderdr1

almanac.httparchive.org

HTTP Archive's annual "State of the Web" report made by the web community

angular-cli

CLI tool for Angular2

angular.js

HTML enhanced for web apps

anti-trojan-source

Detect trojan source attacks that employ unicode bidi attacks to inject malicious code

array-to-objecthash

Converts an Array to an Object Hash based on specified object key

asciidoc-book-starter

A template repository that is ready to author and publish books written in AsciiDoc format

asciidoctor-pdf

:page_with_curl: Asciidoctor PDF: A native PDF converter for AsciiDoc based on Asciidoctor and Prawn, written entirely in Ruby.

astro-keyboard-controls

An Astro plugin that binds keyboard keys for actions like focus on search box and others

astroship

Astroship is a starter template for startups, marketing websites, landing pages & blog. Built with Astro & TailwindCSS

astrowind

🚀 A template to make your website using Astro + Tailwind CSS.

atombundles

Easily install all packages required to create an Atom Bundle for a Language or Platform

attackgen

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details.

aviramv

aviyadavid

awesome-actions

A curated list of awesome actions to use on GitHub

awesome-appsec

A curated list of resources for learning about application security

awesome-cli-apps

A curated list of command line apps

awesome-contract-testing

Awesome resources for Consumer-Driven Contract Testing

awesome-devsecops

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

awesome-docker

:whale: A curated list of Docker resources and projects

awesome-nextjs

:notebook_with_decorative_cover: :books: A curated list of awesome resources : books, videos, articles about using Next.js (A minimalistic framework for universal server-rendered React applications)

awesome-nodejs

:zap: Delightful Node.js packages and resources

awesome-nodejs-security

Awesome Node.js Security resources

awesome-npm

Awesome npm resources and tips

awesome-opensource-israel

A curated list of Israeli-made projects, events, and individuals

1
2
3
4
5
6
7
8
9
10
11
12
13

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.