The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what...
The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what order the checks run in — because the difference between a hash map lookup and a regex match is two orders of magnitude, and you're doing this on every single request.
Six-stage pipeline. Production. 50+ client websites, 100K+ daily requests. I'll trace one request through all of it.
http
POST /api/login HTTP/1.1
Host: client-website.com
Most security tooling works by asking you to define what "bad" looks like upfront. Falco gives you...
Most developers learn backend development backwards. They start with frameworks like Express.js,...
An attacker injects a malicious payload through a seemingly benign API endpoint, bypassing validation...
A Web Application Firewall is useful, but it is not a magic shield. In real environments, the...
The Problem We Were Actually Solving The engine began as a single Elixir cluster running...
by Rashed We shipped an auth bandaid at 2am. Cookies wouldn't flow between platform.ginilab.com and...
