Marco Ippolito

Marco Ippolito

Marco is a Senior Security Engineer at HeroDevs. Active contributor, releaser, and member of the Node.js Technical Steering Committee, he is a renowned international speaker and a Microsoft MVP. Marco is actively involved in many projects within the Node.js ecosystem and also serves as a delegate in TC39.
Open Source Software: Open Governance or for-profit Startups?
Node Congress 2024Node Congress 2024
Recording pending
Open Source Software: Open Governance or for-profit Startups?
OWASP Top Ten Security Vulnerabilities in Node.js
JSNation 2024JSNation 2024
97 min
OWASP Top Ten Security Vulnerabilities in Node.js
Workshop
In this workshop, we'll cover the top 10 most common vulnerabilities and critical security risks identified by OWASP, which is a trusted authority in Web Application Security.During the workshop, you will learn how to prevent these vulnerabilities and develop the ability to recognize them in web applications.The workshop includes 10 code challenges that represent each of the OWASP's most common vulnerabilities. There will be given hints to help solve the vulnerabilities and pass the tests.The trainer will also provide detailed explanations, slides, and real-life examples in Node.js to help understand the problems better. Additionally, you'll gain insights from a Node.js Maintainer who will share how they manage security within a large project.It's suitable for Node.js Developers of all skill levels, from beginners to experts, it requires a general knowledge of web application and JavaScript.
Table of contents:- Broken Access Control- Cryptographic Failures- Injection- Insecure Design- Security Misconfiguration- Vulnerable and Outdated Components- Identification and Authentication Failures- Software and Data Integrity Failures- Security Logging and Monitoring Failures- Server-Side Request Forgery
Mastering Node.js Test Runner
Node Congress 2024Node Congress 2024
117 min
Mastering Node.js Test Runner
Workshop
Node.js test runner is modern, fast, and doesn't require additional libraries, but understanding and using it well can be tricky.You will learn how to use Node.js test runner to its full potential.We'll show you how it compares to other tools, how to set it up, and how to run your tests effectively. During the workshop, we'll do exercises to help you get comfortable with filtering, using native assertions, running tests in parallel, using CLI, and more. We'll also talk about working with TypeScript, making custom reports, and code coverage.
Creating an HTTP Server from Scratch with Node-addon-api, Libuv, and Milo
Node Congress 2024Node Congress 2024
18 min
Creating an HTTP Server from Scratch with Node-addon-api, Libuv, and Milo
Let's explore the magic behind Node.js and create a simple http server! We'll go step-by-step, understanding how libuv makes node asyncronous and how Milo helps our server parse HTTP request. We'll use node-addon-api to create the bridge between c++ and javascript.                                       
Mastering Node.js Test Runner
TestJS Summit 2023TestJS Summit 2023
78 min
Mastering Node.js Test Runner
Workshop
Node.js test runner is modern, fast, and doesn't require additional libraries, but understanding and using it well can be tricky. You will learn how to use Node.js test runner to its full potential. We'll show you how it compares to other tools, how to set it up, and how to run your tests effectively. During the workshop, we'll do exercises to help you get comfortable with filtering, using native assertions, running tests in parallel, using CLI, and more. We'll also talk about working with TypeScript, making custom reports, and code coverage.
Exploring Node.js Test Runner
TestJS Summit 2023TestJS Summit 2023
28 min
Exploring Node.js Test Runner
The talk "Exploring Node.js Test Runner" delves into the concept of a test runner, shedding light on its essential role within the Node.js ecosystem. It provides an overview of why the development of a test runner for Node.js took considerable time, and presents an exploration of its inner workings.
Measuring the Cost of a GraphQL Query with mercurius-explain
Node Congress 2023Node Congress 2023
7 min
Measuring the Cost of a GraphQL Query with mercurius-explain
The development experience with GraphQL makes for a simple and immediate way to access data. Working on the backend means focusing on how and where the data is obtained from, whereas the frontend focuses on retrieving the data necessary for computation and display. This freedom of action, however, hides some possible performance problems. Fragments let you construct sets of fields, and then include them in queries where they’re needed. Often a client requests unnecessary data in an API call with the assumption that the extra fields are free. Instead, they are the cause of extra queries, sometimes even expensive ones. Not knowing the cost of a query makes it impossible to perform optimisation correctly.