Date: Wed, 24 Feb 2021 14:38:11 +0000
<p>As Alex puts it, and as evidenced by the Falkor <a href="https://cln.sh/DKjlTy">header on our Notion planning board</a>, security at CodePen is a <em>NeverEnding Story</em>. Not in an <em>ugkadh this project will never end</em> sense, but in that there is always some patch to stay on top of, some newly-evolving best practice to follow, or some new exploit in the wild to read about and make sure we've covered whatever scenario happened to them. We just so happened to get through a bunch of security upgrades at CodePen recently so hopped on this podcast to chat about them. <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">CSP!</a> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">HSTS!</a> <a href="https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/">Zero trust networks!</a> </p> <h3 id="h-time-jumps">Time Jumps</h3> <h3 id="h-sponsor-jetpack">Sponsor: <a href="https://jetpack.com/?aff=8638">Jetpack</a></h3> <p>This is a perfect sponsor this week, as <a href="https://jetpack.com/?aff=8638">Jetpack</a> has lots of powerful security features. For example, Jetpack can help automatically keep your plugins updated. A big part of security is keeping all your code up-to-date. Jetpack can also monitor your site's uptime, meaning that if you go down you'll be alerted and can get on top of it. It will also help against brute force login attacks. Just that stuff is amazing, but Jetpack also does backups and can scan your backups for security problems in the code itself. That's a fantastic security package, all together.</p>