Follow
Series

Spring Actuator Security

In this series, I discuss the security implications of Spring Actuators, and use them as an example to introduce a number of helpful tools that you can use in your day-to-day security testing.

Articles in this series

Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators

Sep 12, 202210 min read

Spring is a set of frameworks for developing Applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit...

Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators
Spring Actuator Security, Part 2: Finding Actuators using Static Code Analysis with semgrep
Spring Actuator Security, Part 3: Finding Exposed Actuators using Dynamic Testing with ffuf