HackerTrans
TopNewTrendsCommentsPastAskShowJobs

glimow

no profile record

Submissions

[untitled]

1 points·by glimow·قبل سنتين·0 comments

[untitled]

1 points·by glimow·قبل سنتين·0 comments

Launch HN: Escape (YC W23) – Discover and secure all your APIs

96 points·by glimow·قبل سنتين·34 comments

[untitled]

1 points·by glimow·قبل 3 سنوات·0 comments

Show HN: APIRank.dev – We crawled and ranked public APIs from the internet

apirank.dev
176 points·by glimow·قبل 3 سنوات·60 comments

Show HN: Openapi.security, a fast security checker for REST-based API

openapi.security
15 points·by glimow·قبل 3 سنوات·18 comments

Show HN: GraphQL Armor – An open source security layer for GraphQL

github.com
3 points·by glimow·قبل 4 سنوات·0 comments

Show HN: GraphQL Armor – A middleware to make GraphQL more secure than REST

github.com
4 points·by glimow·قبل 4 سنوات·0 comments

Show HN: Graphman – Quickly scaffold a postman collection for any GraphQL API

github.com
10 points·by glimow·قبل 4 سنوات·0 comments

comments

glimow
·قبل سنتين·discuss
Sure, we count Developers who committed to the API repository in the last three months.

Hope that makes it more clear!
glimow
·قبل سنتين·discuss
Sure, Escape and Akita are quite different: 1) Escape is primarily for Security Engineers, Akita is more for developers 2) Escape discovers API with external scans, Akita discovers API by observing live traffic 3) Escape is a proactive security tool that finds issues before production, Akita is a monitoring tool that detects errors in live traffic
glimow
·قبل سنتين·discuss
We created specific safeguards for production mode; for instance, Escape doesn't launch any DELETE requests in prod mode.

You can also manually configure an allowlist/blocklist of operations for specific use cases.
glimow
·قبل سنتين·discuss
Hey there, so py-multiauth is a great project that we love, but it didn't get enough attention from the community for us to afford to maintain it outside of our main codebase.

Since then, we have completely revamped it to create py-multiauth v2 that supports basically all form of authentication as you can see in the docs https://docs.escape.tech/authentication/

py-multiauth v2 is not open source for now, but our eng team might be ok to open source it if there is interest from the community
glimow
·قبل سنتين·discuss
Thank you! Hope you will like it
glimow
·قبل سنتين·discuss
Thank you for the positive vibes.

We try to make our product as straightforward as possible. It’s a long journey for such technical topic but it gets better everyday.

And we listen to feedback. I’ll take a look at Azure Marketplace.
glimow
·قبل سنتين·discuss
The « Launch HN » posts, like this one, follow quite standard community guidelines that includes having a detailed description of how the product works to bring value to technical people from the HN community.

Of course, for investors, we would have written things differently, but we are not looking to raise money at the moment.

Hope that makes it more clear!
glimow
·قبل سنتين·discuss
Hello, although we know HN's rules, some of our users don't. They just tried to help without telling us.

I guess we can be proud that they are our users and wanted to help. There was no intent to break HN's rules. We apologize for that happening, and we have told them about the rules so it doesn't happen again.
glimow
·قبل سنتين·discuss
Hello motoxpro, the pricing page is accessible inside the product during the free trial.

Although, by nature, the security market is mostly enterprise, we do have plans for startups and SMB as well. Happy to have your feedback on our pricing btw, always something hard to get right.
glimow
·قبل سنتين·discuss
Hello btown, you are indeed raising legitimate questions here.

You are right in the sense that using automated security testing tools in production creates a risk. But there are workarounds:

1) Most of Escape's security scans happen on staging or pre-prod environments, where there is little risk of breaking something critical or finding real customer data.

2) We have designed a specific scan mode for production APIs, that is made with safety in mind. It will not attempt the riskiest attack scenarios and, thus will be safe for production use at the cost of scanning depth.

You can chose a scan mode when adding a new application for testing in Escape. So far, most of our users use both modes, one for the production environment and one for the development environment, to spot bugs early.

No user ever had problems with the production scanning mode.

By the way, the core algorithm powering Escape is more a graph traversal algorithm than LLMs. We do use a small, self-hosted LLM for specific inference tasks, but everything is made in-house, and we don't use OpenAI or any other inference API.

Hope that helps!
glimow
·قبل سنتين·discuss
Thank you, yes, we originally supported GraphQL only and released REST scanning support a few months ago. We plan to support all types of APIs ultimately.
glimow
·قبل سنتين·discuss
[dead]
glimow
·قبل سنتين·discuss
Hello, we limited the registration to personal email because too many people were trying to scan APIs that didn't belong to them.

Mind you that you can also use your personal GitHub account to register because we noticed people are way less likely to do risky stuff with their Github account than with a personal email :)
glimow
·قبل 3 سنوات·discuss
I agree that there is a lot of room for improvement. We are a small team and we had to start somewhere to have feedback from the community and improve accordingly :)

Thanks for the great ideas, I share your opinion on those
glimow
·قبل 3 سنوات·discuss
This is on the way!
glimow
·قبل 3 سنوات·discuss
This is an experimental research we did mostly because we thought it was cool and new.

There are limitations indeed, though if you compare similar APIs with similar business intent, their structure should also have similarity, unlike your example.

For the popularity metrics, I will take a look - I admit we can do better :)
glimow
·قبل 3 سنوات·discuss
All hail the holy API :))
glimow
·قبل 3 سنوات·discuss
I agree with your point, yet we thought the data we gathered could be interesting, for instance we observe that ~60% of routes have human readable comments, but less than 10% have actual examples.
glimow
·قبل 3 سنوات·discuss
We used Algolia free tier for the search but all the credits were consumed :') I take this as a learning for our next side project
glimow
·قبل 3 سنوات·discuss
We use Algolia free tier for the search, perhaps we have reached the limit :')