rccyx
diff --git a/‎infra/terraform.tfstate‎
Lines changed: 24 additions & 76 deletions b/‎infra/terraform.tfstate‎
Lines changed: 24 additions & 76 deletions
diff --git a/‎infra/terraform.tfstate.backup‎
Lines changed: 14 additions & 44 deletions b/‎infra/terraform.tfstate.backup‎
Lines changed: 14 additions & 44 deletions
diff --git a/‎public/blogs/branded-types.mdx‎
Lines changed: 1 addition & 1 deletion b/‎public/blogs/branded-types.mdx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎public/blogs/code-silos.mdx‎
Lines changed: 2 additions & 2 deletions b/‎public/blogs/code-silos.mdx‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎public/blogs/csrf-mitigation.mdx‎
Lines changed: 7 additions & 7 deletions b/‎public/blogs/csrf-mitigation.mdx‎
Lines changed: 7 additions & 7 deletions
@@ -62,37 +62,24 @@
             "bucket_regional_domain_name": "ashgw-blog-public-general.s3.us-east-2.amazonaws.com",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "max_age_seconds": 3000
               }
             ],
             "force_destroy": false,
             "grant": [
               {
                 "id": "",
-                "permissions": [
-                  "READ"
-                ],
+                "permissions": ["READ"],
                 "type": "Group",
                 "uri": "http://acs.amazonaws.com/groups/global/AllUsers"
               },
               {
                 "id": "e420affff348dc73cd2e823658c3fbe2bcfda717547ca27db9df24c350f45e75",
-                "permissions": [
-                  "FULL_CONTROL"
-                ],
+                "permissions": ["FULL_CONTROL"],
                 "type": "CanonicalUser",
                 "uri": ""
               }
@@ -151,37 +138,24 @@
             "bucket_regional_domain_name": "ashgw-blog-public-images.s3.us-east-2.amazonaws.com",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "max_age_seconds": 3000
               }
             ],
             "force_destroy": false,
             "grant": [
               {
                 "id": "",
-                "permissions": [
-                  "READ"
-                ],
+                "permissions": ["READ"],
                 "type": "Group",
                 "uri": "http://acs.amazonaws.com/groups/global/AllUsers"
               },
               {
                 "id": "e420affff348dc73cd2e823658c3fbe2bcfda717547ca27db9df24c350f45e75",
-                "permissions": [
-                  "FULL_CONTROL"
-                ],
+                "permissions": ["FULL_CONTROL"],
                 "type": "CanonicalUser",
                 "uri": ""
               }
@@ -358,19 +332,10 @@
             "bucket": "ashgw-blog-public-general",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "id": "",
                 "max_age_seconds": 3000
               }
@@ -380,9 +345,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         },
         {
           "index_key": "1",
@@ -391,19 +354,10 @@
             "bucket": "ashgw-blog-public-images",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "id": "",
                 "max_age_seconds": 3000
               }
@@ -413,9 +367,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         }
       ]
     },
@@ -525,9 +477,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         },
         {
           "index_key": "1",
@@ -542,9 +492,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         }
       ]
     }
 
@@ -90,9 +90,7 @@
             "grant": [
               {
                 "id": "e420affff348dc73cd2e823658c3fbe2bcfda717547ca27db9df24c350f45e75",
-                "permissions": [
-                  "FULL_CONTROL"
-                ],
+                "permissions": ["FULL_CONTROL"],
                 "type": "CanonicalUser",
                 "uri": ""
               }
@@ -154,9 +152,7 @@
             "grant": [
               {
                 "id": "e420affff348dc73cd2e823658c3fbe2bcfda717547ca27db9df24c350f45e75",
-                "permissions": [
-                  "FULL_CONTROL"
-                ],
+                "permissions": ["FULL_CONTROL"],
                 "type": "CanonicalUser",
                 "uri": ""
               }
@@ -333,19 +329,10 @@
             "bucket": "ashgw-blog-public-general",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "id": "",
                 "max_age_seconds": 3000
               }
@@ -355,9 +342,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         },
         {
           "index_key": "1",
@@ -366,19 +351,10 @@
             "bucket": "ashgw-blog-public-images",
             "cors_rule": [
               {
-                "allowed_headers": [
-                  "*"
-                ],
-                "allowed_methods": [
-                  "GET",
-                  "HEAD"
-                ],
-                "allowed_origins": [
-                  "*"
-                ],
-                "expose_headers": [
-                  "ETag"
-                ],
+                "allowed_headers": ["*"],
+                "allowed_methods": ["GET", "HEAD"],
+                "allowed_origins": ["*"],
+                "expose_headers": ["ETag"],
                 "id": "",
                 "max_age_seconds": 3000
               }
@@ -388,9 +364,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         }
       ]
     },
@@ -500,9 +474,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         },
         {
           "index_key": "1",
@@ -517,9 +489,7 @@
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
-          "dependencies": [
-            "module.public_content.aws_s3_bucket.buckets"
-          ]
+          "dependencies": ["module.public_content.aws_s3_bucket.buckets"]
         }
       ]
     }
 
@@ -189,5 +189,5 @@ const baz2 = requestBaz(foo.id, bar.id);
   showLineNumbers={true}
 />
 <C>
-`ts-roids` is a library I created this week, the goal is to bulletproof TypeScript with types and decorators, it includes more than 120+ utilities, you can check it out <L href="https://github.com/ashgw/ts-roids">here</L>.
+Oh btw,`ts-roids` is a library I created this week, the goal is to bulletproof TypeScript with types and decorators, it includes more than 120+ utilities at the time of writing, you can check it out <L href="https://github.com/ashgw/ts-roids">here</L>.
 </C>
@@ -32,9 +32,9 @@ By documenting critical decisions, including the thought process behind them, we
 Knowledge should be dispersed throughout the entire project rather than being concentrated in the hands of a select few. 
 </C>
 <C>
-The project should be self-explanatory. When introducing a new <L href="/blog/bootcamp-ripoff">decent</L> developer to the codebase, they should require **NO** clarification from others. They can simply read the code and relevant documents, [easily setup]() the project and **immediately** begin making significant contributions.
+The project should be self-explanatory. When introducing a new <L href="/blog/tag/skill-issues">decent</L> developer to the codebase, they should require **NO** clarification from others. They can simply read the code and relevant documents, [easily setup]() the project and **immediately** begin making significant contributions.
 Detailed documentation is necessary for facilitating smooth onboarding, providing newcomers with the necessary insights to navigate the codebase independently. It should encompass technical specifications, design rationale, coding conventions, and best practices – essentially, every decision made in the project from the ground up. 
 </C>
 <C>
-If you have code silos, it indicates a lack of quality in the project code. In such cases, an <L href="/services/code-audits">independent code audits</L> from time to time may be necessary to save you from a full project re-write.
+If you have code silos, it indicates a lack of quality in the project code. In such cases, an <L href="/services/code-audits">independent code audit</L> won't hurt from time to time.
 </C>
@@ -4,16 +4,16 @@ seoTitle: CSRF Mitigation techniques
 summary: If you're vulnerable to XSS, none of this will work
 isReleased: true
 isSequel: false
-lastModDate: 2022-09-04T09:15:00-0401
-firstModDate: 2022-09-04T09:15:00-0401
+lastModDate: 2020-09-04T09:15:00-0401
+firstModDate: 2020-09-04T09:15:00-0401
 minutesToRead: 7
 tags:
   - 'csrf'
   - 'cybersec'
 ---
 
 <C>
-If you don't rely on a framework to do the heavy lifting for you, or a third party library. As I always say: you have to [understand]() the subject before you abstract it. Here's how to do it manually, but first note thhat none of the techniques below will work if you're already [XSS]() vulnerable
+If you don't rely on a framework to do the heavy lifting for you, or a third party library. As I always say that you have to [understand]() the subject before you abstract it. Here's how to do it manually, but first note that none of the techniques below will work if you're already [XSS]() vulnerable
 </C>
 <H2>Where Did The Request Come From?</H2>
 <C>
@@ -134,10 +134,10 @@ func generateHMAC(secret, message string) string {
   showLineNumbers={false}
 />
 <C>
-On the server side, when handling incoming requests, the server decodes or decrypts the JWT or JWE to extract the UUID. Simultaneously, it decodes the HMAC-CSRF token, verifies its integrity using the stored secret key, if the integrity was not preserved, the server blocks, else it extracts the UUID. If the extracted UUIDs do not match, there is a potential indication of tampering or unauthorized access, the server blocks.
+On the server side, when handling incoming requests, the server decodes or decrypts the JWT or JWE to extract the UUID. Simultaneously, it decodes the HMAC-CSRF token, verifies its integrity using the stored secret key, if the integrity was not preserved, the server logs, and blocks, else it extracts the UUID. If the extracted UUIDs do not match, there is a potential indication of tampering or unauthorized access, the server logs, and blocks.
 </C>
 
-<H3>Stateleful Services</H3>
+<H3>Stateful Services</H3>
 <C>
 As in, you use a database to store a user's session, the cookie is just a reference to the user session, like an ID. Use the Synchronizer Pattern: 
 </C>
@@ -238,7 +238,7 @@ If you want to see a framework implementation of the synchronized pattern , chec
 </C>
 <H2>Cookies</H2>
 <C>
-Avoid setting cookies with a specific domain to minimize security risks. When a cookie is domain-specific, all subdomains share that cookie, which can pose risks if subdomains are linked to external domains through CNAME records.
+Avoid setting cookies with a specific domain to minimize security risks. When a cookie is domain-specific, all subdomains share that cookie, which can pose risks if you get hit with a <L href="https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers">subdomain takeover</L> attack.
 </C><C>
 For session cookies, ensure they are protected by:
 </C><C>
@@ -283,5 +283,5 @@ Requiring users to authenticate using their password, biometric data, security q
 </C>
 <H2>HTTP Methods</H2>
 <C>
-And oh yeah, this is obvious but, For any state changing request,  DON'T USE  [safe methods]().
+And oh yeah, did I mention that for any state changing request,  DON'T USE  [safe methods]().
 </C>