51 - Jim Manico & Developing Securely

    This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords For more information, including the show notes check out https://breachsense.io/podcast