
Please Stop Calling GenAI "Useless"
There are many valid criticisms of GenAI / LLM technology. "They are useless" is not one of them.

A cryptographic vulnerability, and what it can teach us about system architecture

This is part three of a series on the security implications of Spring Actuators. I recommend having read at least the first part to understand the context. In the previous article, we discussed how you can leverage static code analysis using semgrep ...

In the first part of this series, we discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...

Spring is a set of frameworks for developing applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a whitebox audit is act...