Security Expert at iteratec. I break your software before other people do, and then help you secure it afterwards :).
During a security engagement with my employer, iteratec, I found and reported a security issue that allowed me to completely compromise the internal customer service frontend of a payment processor, which would have let us steal customer information ...

This is part three of a series on the security implications of Spring Actuators. I recommend reading at least the first part to understand the context. In the previous article, we discussed how you can leverage static code analysis using semgrep ...

In the first part of this series, we discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...
