Technical Insights
Deep dives into ESLint security, JavaScript performance, and modern development practices.

The 30-Minute Security Audit: Onboarding a New Codebase
How to assess a new codebase in under 30 minutes using automated security linting. Perfect for acquisitions, new hires, or CTOs inheriting legacy code.
Ofri Peretz
Ofri Peretz
COPY FROM Exploits: When PostgreSQL Reads Your Filesystem
PostgreSQL's COPY FROM can read any file the database user can access. Here's how attackers exploit it.

Ofri Peretz
The N+1 Insert Loop That Slowed Our API to a Crawl
50ms per insert × 1000 rows = 50 seconds. Here's how to detect and fix N+1 loop patterns in PostgreSQL.
Ofri Peretz
search_path Hijacking: The PostgreSQL Attack You've Never Heard Of
A dynamic search_path lets attackers hijack your SQL queries. Here's how this obscure attack works and how to prevent it.

Ofri Peretz
Getting Started with eslint-plugin-express-security
Express.js security in 60 seconds. 9 rules for CORS, cookies, rate limiting, and middleware security.
Ofri Peretz
Getting Started with eslint-plugin-nestjs-security
NestJS security in 60 seconds. 5 rules for guards, validation, and rate limiting.
Ofri Peretz
Getting Started with eslint-plugin-lambda-security
AWS Lambda security in 60 seconds. 13 rules for OWASP Serverless Top 10 coverage.

Ofri Peretz
Getting Started with eslint-plugin-browser-security
Browser security in 60 seconds. 21 rules for XSS, storage, postMessage, and CSP.

Ofri Peretz
Getting Started with eslint-plugin-jwt
JWT security in 60 seconds. 13 rules for algorithm confusion, weak secrets, and missing validation.

Ofri Peretz
Getting Started with eslint-plugin-crypto
Cryptography security in 60 seconds. 24 rules for weak algorithms, random generation, and key management.