slug

SlugPostViewer_Query

LandingLayout

blogPost

viewer

query SlugPostViewer_Query(
  $slug: String!
) {
  ...LandingLayout
  blogPost(slug: $slug) {
    __typename
    ... on QueryBlogPostSuccess {
      data {
        ...ArticleBlogHeader_BlogPost
        body
        seoTitle
        summary
        title
        featuredImage
        metaDescription
        published
        updated
        author {
          name
          profileImage
          bio
        }
        tags {
          name
        }
        relatedPosts {
          slug
          title
          summary
          featuredImage
          featuredImageAlt
        }
        reactions {
          heart
          tada
          like
        }
      }
    }
  }
}

fragment ArticleBlogHeader_BlogPost on BlogPostRef {
  featuredImage
  published
  title
  updated
  author {
    name
    profileImage
    title
  }
}

fragment LandingLayout on Query {
  viewer {
    id
    name
    email
    emailVerified
    isWaitlist
  }
}


name

email

emailVerified

isWaitlist

__typename

<p><a href="https://cside.dev/blog/supply-chain-attacks-doesnt-end-at-npm"><u>WAFs cannot protect against client-side supply chain attacks</u></a> because they don't intercept the fetch to the 3rd party endpoint and therefore have no visibility into the JavaScript files from the 3rd party sources. When attackers compromise popular libraries or CDNs, the malicious updates continue to be delivered from the same trusted domains that your WAF has whitelisted. Your WAF sees legitimate requests to approved sources and allows them through, completely unaware that the content has been weaponized by attackers.</p>

WAFs cannot protect against client-side supply chain attacks because they don't intercept the fetch to the 3rd party endpoint and therefore have no visibility into the JavaScript files from the 3rd party sources.

Can a WAF protect against supply chain attacks on third-party JavaScript libraries?

Wednesday, September 3rd, 2025

Simon Wijckmans

More About Simon Wijckmans