Gautier Ben Aïm - Escape - The API Security Blog

Leveraging Temporal for resilient remote procedure calls (RPC)

Temporal is not the first technology that comes to mind when discussing RPC technologies, but its broad feature set makes it a notable contender in this space.

TypeScript

Using Protobuf with TypeScript

We recently moved to Protobuf to enforce consistency. Discover the pros and cons of migration to Protobuf and follow the step-by-step guide to create a tiny TypeScript-Protobuf prototype.

TypeScript Monorepo

How to set up a TypeScript Monorepo

At Escape, we write our software in TypeScript because it allows us to iterate quickly without compromising on safety. While our codebase evolves a lot as we develop new features, its structure has been stable for a while now. This article aims to explain our current setup, how to put

API Security

The API Security Academy: Under the Hood

The API Security Academy is built upon a technology that comes straight from the future—and by that, we mean the brilliant minds at StackBlitz—WebContainers. You may already know regular containers, the ones you can run with Docker and Kubernetes, which are lightweight virtualization units that allow developers to

GraphQL

API Security Academy: a smarter way to learn GraphQL security

Learning about GraphQL security is now more accessible than ever! We're excited to introduce the API Security Academy, developed by the Escape team. Escape's API Security Academy is a free and open-source collection of interactive challenges that will teach you how to secure your GraphQL applications.

GraphQL Vulnerability

The 8 most common GraphQL vulnerabilities

We at Escape have been scanning GraphQL APIs for vulnerabilities for more than two years. In this post, we will share the most common GraphQL vulnerabilities, affecting close to all GraphQL APIs we have scanned. We strongly recommend you check your GraphQL APIs for these vulnerabilities.

Best Practices

GraphQL errors: the Good, the Bad and the Ugly

Managing GraphQL errors can be quite a challenging task, and we tried a lot of different approaches over time. Keep reading to know what we've learned along the way.

Rendering emails with Svelte

We recently rebuilt our whole email stack from scratch to improve the developer experience: we now have an instant feedback loop, leveraging a SvelteKit-powered dev server.

Migrating from Vue 2 to Svelte

After using Vue 2 as our front-end framework for almost two years, it was announced that this support would no longer be maintained, so we decided to migrate to a new framework. But which one to choose: Vue 3 or Svelte? Please note that our goals after the migration were

Achieving end-to-end type safety in a modern JS GraphQL stack – Part 2

Welcome back! This article is the second and last part of the Achieving end-to-end type safety in a modern JS GraphQL stack series. Read the first part if you haven't yet! Svelte I won't go into the details of why Svelte, but I like Svelte a

Achieving end-to-end type safety in a modern JS GraphQL stack – Part 1

In this article, we will create a simple GraphQL application, a message board, by combining many recent open-source technologies. This article aims to be a showcase of technologies that work well together rather than a complete tutorial on project setup. It is however a long read, so we decided to

Forging GraphQL Bombs, the 2022 version of Zip Bombs

Zip Bombs are a thing of the past, but the concept behind them is still relevant nowadays. Indeed, your GraphQL application might be vulnerable to what we'll call GraphQL Bombs in this article. Read on to know if you're vulnerable and how to secure your GraphQL