Posts Tagged ‘IngridEpure’
[DotSecurity2017] Counter-spells and the Art of Keeping Your Application Safe
In the arcane atelier of application assurance, where user whims whirl into wicked whimsy, wielding wards against web’s wicked whims demands diligence and dexterity. Ingrid Epure, a frontend alchemist at Intercom, invoked this incantation at dotSecurity 2017, transmuting tales of Ember’s exigencies into elixirs for Ember’s endurance. A Romanian expatriate ensconced in Dublin’s digital demesne, Ingrid’s immersion—four-year Ember opus, Rails’ rearward rampart—yields yarns of 55 scribes scripting 2,000 shifts, 100 deploys diurnal.
Ingrid’s invocation opened with Intercom’s incantus: real-time runes for messaging’s mosaic, 250 commits cascading 30K additions—vulnerabilities’ vortex in velocity’s vortex. XSS’s xanthic xanthoma: inline sorcery (Ember’s {{}} incantations) inviting injection’s infestation—’s sorcery, CSP’s countercharm. Ingrid illuminated Ember’s ember: helpers’ hygiene (HTML-escapers’ aegis), bindings’ bulwark (triple braces’ taboo). Tools’ talisman: npm’s audit, ember-cli’s eldritch eyes—vulnerabilities’ vigil, dependencies’ divination.
CSRF’s chicanery: Ember’s CSRF tokens, Rails’ requiem—double-submit’s duality, synchronizer’s sentinel. Ingrid invoked interceptors: Ember’s data’s dominion, Rails’ requital. Content Security Policy’s codex: v2’s vigilance (nonces’ nebula, hashes’ heraldry), v3’s valor—scripts’ scrutiny, inline’s inquisition. Ingrid’s imprecation: Ember addon’s aegis, Node’s nexus—alerts’ alarum, anomalies’ augury.
This conjury: clean code’s creed, tools’ tome—CSP’s citadel, vulnerabilities vanquished.
Vulnerabilities’ Vortex and Wards’ Weave
Ingrid invoked Intercom’s incantus: Ember’s exigencies, XSS’s xanthoma—helpers’ hygiene, bindings’ bulwark.
CSRF’s Chicanery and CSP’s Codex
Tokens’ talisman, interceptors’ insight—v2’s vigilance, v3’s valor. Ingrid’s imprecation: addon’s aegis, Node’s nexus.
Links:
EN_DotSecurity2017_006_009.md