Episode 109 - Verify and Verify Again
Aug 25, 2022•17 min•Season 1Ep. 109
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Making sure our #VoiceFirst applications are written securely and use secure components is important. And when one of those components has a security bug, it is important that we update it as soon as we can. Mark highlights a recent security vulnerability in the node-forge module, which is used by the alexa-verifier-middleware module. Mark and Allen then discuss what the verifier does and how we can be careful when it comes to using libraries.
Some references:
- alexa-verifier-middleware: https://www.npmjs.com/package/alexa-verifier-middleware
- Alexa verification: https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#manually-verify-request-sent-by-alexa
- Issues with node-forge: https://github.com/advisories/GHSA-x4jg-mjrx-434g
For the best experience, listen in Metacast app for iOS or Android