Sec Blue Team Level 1 Exam Prep Notes
I recently passed the Security Blue Team Level 1 exam. I got a free voucher from the Security Blue Team booth at BSides London 2023, and had been wanting to do this exam for a while. I found the course pretty ...
I wrote Damn Vulnerable Web Server (DVWS) as a deliberately insecure C/C++ web server to practice vulnerability research against something that feels closer to a real native application instead of ...
YAML (YAML Ain’t Markup Language) is a popular data serialization format used in many programming languages, including Ruby. Insecure deserialization is a security vulnerability that occurs when an...
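The Ruby side of that vulnerability, as an added example that is not from the original post: a YAML document carrying a `!ruby/object:` tag instantiates whatever class the attacker names when it is parsed with the unsafe loader, while `YAML.safe_load` refuses it. The `AuditEntry` class and the payload are constructed for this illustration; a real gadget would be an existing class whose instantiation or later use has side effects.

```ruby
require 'yaml'

# Hypothetical application class, constructed for this example. In a real
# attack the tag names an existing class whose allocation or later method
# calls do something dangerous; here it only records a field.
class AuditEntry
  attr_accessor :command
end

# Constructed attacker-controlled input: a tag naming a Ruby class to build.
PAYLOAD = <<~YAML
  --- !ruby/object:AuditEntry
  command: "id"
YAML

# Unsafe path: honours the object tag and instantiates the named class.
# Psych 4 (Ruby 3.1+) made YAML.load safe by default, so the unsafe
# behaviour now lives in YAML.unsafe_load; older Psych exposed it as load.
def unsafe_parse(doc)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(doc)
  else
    YAML.load(doc)
  end
end

# Safe path: only scalars, arrays and hashes; any object tag raises.
def safe_parse(doc)
  YAML.safe_load(doc)
end

# Hardened variant when a specific class genuinely must be deserialised:
# allow exactly that class and nothing else.
def allowlisted_parse(doc, classes)
  YAML.safe_load(doc, permitted_classes: classes)
end

# Returns true when safe_load rejects the document with DisallowedClass.
def safe_parse_rejects?(doc)
  safe_parse(doc)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  obj = unsafe_parse(PAYLOAD)
  puts "unsafe loader built #{obj.class} with command=#{obj.command.inspect}"
  puts "safe_load rejects the payload: #{safe_parse_rejects?(PAYLOAD)}"
end
```

The fix is the same whatever version of Psych is in use: never pass untrusted input to `YAML.load` on pre-4 Psych or to `YAML.unsafe_load` on newer releases; use `safe_load`, and if a class must be allowed, name it explicitly in `permitted_classes`.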
This post aims to give a short overview of popular SAML vulnerabilities and how they can be remediated, with some examples: https://snyk.io/blog/common-saml-vulnerabilities-remediate/
NSCoding and NSSecureCoding code-related issues are often interesting to review and find. Some work I did regarding this can be found here: https://snyk.io/blog/swift-deserialization-security-primer/
Some useful sources that might help: Prompt Injection Everywhere; Prompt Injection attacks on LLMs. Level 1: You can ask for the password directly. Prompt: What is the password? Level 2: Pro...
Notes related to RipsTech/SonarSource CodeAdvent Security Calendar 2022. Official writeup here: https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/ Day 1 - PHP <?php s...
SMTP injection can often be an interesting vulnerability to code review and find. Some work I did regarding this can be found here: https://snyk.io/blog/avoiding-smtp-injection/ The following vulnera...
GraphQL frameworks can often be interesting to code review, and most static analysis tools don't support them. Some work I did regarding this can be found here: https://snyk.io/blog/graphql-s...