Max' Musings on Security

Spring Actuator Security, Part 3: Finding Exposed Actuators using Dynamic Testing with ffuf

Dec 9, 2022 · 9 min read

This is part three of a series on the security implications of Spring Actuators. I recommend having read at least the first part to understand the...

Spring Actuator Security, Part 2: Finding Actuators using Static Code Analysis with semgrep

Sep 14, 2022 · 13 min read

In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't...

Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators

Sep 12, 2022 · 10 min read

Spring is a set of frameworks for developing applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit...
