Artem Smotrakov in Better Programming | How To Find and Fix Timing Attacks in Your Java Code | Prevent timing attacks with CodeQL | Aug 9, 2021
Artem Smotrakov in Geek Culture | Detecting Jackson deserialization vulnerabilities with CodeQL | How to find, fix and prevent them from occurring in the future | Aug 2, 2021
Artem Smotrakov in Geek Culture | Detect dangerous RMI objects with CodeQL | How to find and fix Java RMI deserialization vulnerabilities | Jun 2, 2021
Artem Smotrakov in InfoSec Write-ups | Detecting Jakarta Expression Language injections with CodeQL | How to use CodeQL to find EL injections and fix them | Apr 14, 2021
Artem Smotrakov in InfoSec Write-ups | WS-2016-7107: CSRF tokens in Spring and the BREACH attack | Recently WhiteSource security scanner started reporting WS-2016-7107 against Spring-based applications. This is an old issue that was… | Apr 14, 2021
Artem Smotrakov | On the train | I got on the train. I'm ashamed to admit it: in a compartment car. Lately I've been treating myself more often. But the price is pleasing too, since it's the same as in the open sleeper car… | Apr 12, 2021
Artem Smotrakov in InfoSec Write-ups | Detect Dangerous Spring Service Exporters With CodeQL | How to make sure that CVE-2016-1000027 does not affect your application | Mar 25, 2021
Artem Smotrakov | Fosstars: a framework for defining ratings for open source projects | I recently wrote a blog post about a project I have been working on at SAP for a year. The project is called Fosstars. It is an… | Mar 23, 2021
Artem Smotrakov in Better Programming | Expression Language Injections in Java | How to detect JEXL injections with CodeQL | Feb 21, 2021
Artem Smotrakov in Python in Plain English | Reading a photoresistor on ESP32 with MicroPython | A tutorial that covers everything from a circuit to uploading code to ESP32 | Jan 10, 2021