Dependency checks
Snyk CLI
Dependabot
npm audit
yarn audit
pnpm audit
Linters
ESLint Security Plugin
SonarQube Scan
Web Application Firewall
Reblaze WAF
Cloudflare WAF
Penetration testing with OWASP ZAP
Presentation related links
What is a nonce?
What are Safe Sinks?
XSS Payload List
Libraries for sanitization
- DOMPurify
- Serialize JavaScript
- Angular DOM Sanitizer
SSR vulnerability presented in the talk