Search Hashnode

Search posts, tags, users, and pages

Discussion on "Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators" | Hashnode

Feed

Discussion

Max Maass

Building and breaking software before other people do :)

Sep 12, 2022

Spring Actuator Security, Part 1: Stealing Secrets Using Spring Actuators

Spring is a set of frameworks for developing Applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a whitebox audit is act...

blog.maass.xyz10 min read

#spring #springboot #security #java #bugbounty

Responses(2)

Shai Almog

25 years ago I was lucky. I faced my debugging ignorance. It's a skill we don't learn at school. Hopefully I can help you reach a similar ep

Sep 12, 2022

Great post! Spring makes everything easy, including shooting yourself in the foot and exposing your entire DB accidentally.We need more awareness around these issues!

Most discussed in Forum

A
AI Replaces 95% of Developers — The 5% Who Survive Are 20x Better
19S M M A3d ago
A
I Replaced ChatGPT With Google NotebookLM — Here’s My Audit & Workflow
37C A A A5d ago
D
How much your coding timing shrinked after AI coding tools?
34B A2d ago
D
What’s one thing AI helped you do better - and one thing it made worse?
14R M2d ago
A
I Stopped Prompting GPT-5 — This 45-Line Context Engine Fixed My Hallucinations
13C A2d ago

View all threads

Ruben Scheedler

Advocate of Social Programming

Sep 12, 2022

Great article! I recently started using actuator, but was not aware of the risks you set out here. Thanks for sharing them

Recent in Forum

F
I built FreeHosts
14h ago
D
Why does AI make people feel inspired and insecure at the same time?
15h ago
R
What should be considered before turning a web app into a mobile app?
7h ago
D
Understanding the Transistor Symbol and Its Variations
7h ago
Z
Unpopular Opinion: A robust 2018 SpringBoot ERP is worth more than 10 modern Next.js Todo-apps.
18h ago

View all threads