Episode 109 - Verify and Verify Again
Episode 109 - Verify and Verify Again

Episode 109 - Verify and Verify Again

Gigi_Lamayne

16 min349 plays
News
Play

Description

<p>Making sure our #VoiceFirst applications are written securely and use secure components is important. And when one of those components has a security bug, it is important that we update it as soon as we can. Mark highlights a recent security vulnerability in the node-forge module, which is used by the alexa-verifier-middleware module. Mark and Allen then discuss what the verifier does and how we can be careful when it comes to using libraries.</p> <p>Some references:</p> <ul> <li>alexa-verifier-middleware: https://www.npmjs.com/package/alexa-verifier-middleware</li> <li>Alexa verification: https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#manually-verify-request-sent-by-alexa</li> <li>Issues with node-forge: https://github.com/advisories/GHSA-x4jg-mjrx-434g</li> </ul>

Episode 109 - Verify and Verify Again - Listen Free | WowFM