Let’s face it: security engineers spend way too much time doing repetitive support work, answering the same questions, triaging issues, nudging people through processes. What if we could delegate all of that to a friendly assistant who never gets tired?
Well, I just built that. A helpful, AI-powered …
LFI and path traversal are nothing new, but what most people don’t understand is the full impact of the vulnerability.
In this post I’ll cover different attack scenarios when exploiting an LFI vulnerability, like enumerating processes, dumping environment variables, and in more extreme …
For a long time I’ve been struggling with the way authentication systems work, as they don’t protect your password as they should. If you search for login best practices, for example at OWASP, they’ll tell you things like hashing the password with a strong algorithm, using salt and pepper, …
The first time I heard about mass assignment vulnerabilities was a long time ago, when I started learning Ruby & Rails. In fact I learnt a lot about security back then, as Rails is quite a complex and secure framework, and to work with it properly you need to understand the underlying mechanisms. …
Once again, I bring up a topic that I don’t see getting enough attention, and a lot of the time this ends up being a big security issue in the targeted systems: attacks with zip files, two different and interesting attacks.
Zip Slip is a vulnerability discovered by Snyk and it’s a …