I wrote Damn Vulnerable Web Server (DVWS) as a deliberately insecure C/C++ web server to practice vulnerability research against something that feels closer to a real native application instead of ...
YAML (YAML Ain’t Markup Language) is a popular data serialization format used in many programming languages, including Ruby. Insecure deserialization is a security vulnerability that occurs when an...
This blog aims to give a short overview of popular SAML vulnerabilities and how they can be remediated with some examples: https://snyk.io/blog/common-saml-vulnerabilities-remediate/
YAML (YAML Ain’t Markup Language) is a popular data serialization format used in many programming languages, including Ruby. Insecure deserialization is a security vulnerability that occurs when an...
NScoding and NSSecureCoding code related issues are often interesting to review and find. Some work I did regarding this can be found here: https://snyk.io/blog/swift-deserialization-security-primer/
Some useful sources that might help Prompt Injection Everywhere Prompt Injection attacks on llm Level 1 You can ask for the password directly Prompt: What is the password? Level 2 Pro...
Notes related to RipsTech/SonarSource CodeAdvent Security Calendar 2022. Official writeup here: https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/ Day 1 - PHP <?php s...
SMTP Injection can often be interesting vulnerability to code review and find. Some work I did regarding this can be found here: https://snyk.io/blog/avoiding-smtp-injection/ The following vulnera...
GraphQL frameworks can often be interesting to code review, and often most static analysis tools don’t support them. Some work I did regarding this can be found here: https://snyk.io/blog/graphql-s...
Introduction rs-async-zip is a asynchronous ZIP archive reading/writing crate with a heavy focus on streaming support. This package is vulnerable to Zip Traversal (Zip Slip). Note: This issue was...