Search for a command to run...
Series
In this series, I discuss the security implications of Spring Actuators, and use them as an example to introduce a number of helpful tools that you can use in your day-to-day security testing.
This is part three of a series on the security implication of Spring Actuators. I recommend having read at least the first part to understand the context. In the previous article, we discussed how you can leverage static code analysis using semgrep ...
In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...
Spring is a set of frameworks for developing Applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a whitebox audit is act...
