Security Expert at iteratec. I break your software before other people do, and then help you secure it afterwards :).
Nothing here yet.
Mar 6, 2025 · 15 min read · A common shorthand I am seeing in criticisms of Generative AI technologies is that GenAI / LLMs are “useless”. This shows up again and again, especially in hot takes on Mastodon, and sometimes from people whose professional work I deeply respect. Whi...
Join discussion
Feb 26, 2025 · 17 min read · During a security engagement with my employer, iteratec, I found and reported a security issue that allowed me to completely compromise the internal customer service frontend of a payment processor, which would have let us steal customer information ...
Join discussion
Dec 9, 2022 · 8 min read · This is part three of a series on the security implication of Spring Actuators. I recommend having read at least the first part to understand the context. In the previous article, we discussed how you can leverage static code analysis using semgrep ...
Join discussion
Sep 14, 2022 · 13 min read · In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...
Join discussion
Sep 12, 2022 · 10 min read · Spring is a set of frameworks for developing Applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a whitebox audit is act...
CRShai and 1 more commented
