Artem Smotrakov

Published in Better Programming · Aug 9, 2021

How To Find and Fix Timing Attacks in Your Java Code

Prevent timing attacks with CodeQL — A message authentication code (MAC) or a digital signature may be used to authenticate a message and to protect its integrity. When checking a MAC or a signature, the received value should be compared with the expected one using a constant-time comparison, so that the time the check takes does not depend on how many bytes match. …

Programming
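
The check the teaser describes, as an added example that is not code from the original post: an HMAC-SHA256 tag verified with an early-exit comparison and then with `MessageDigest.isEqual`. The class name, the key and the message are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (not from the original post): verifying an HMAC-SHA256 tag.
public final class MacVerification {

    private static final String ALGORITHM = "HmacSHA256";

    // Computes HMAC-SHA256 over the message with the given key.
    static byte[] hmac(byte[] key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(new SecretKeySpec(key, ALGORITHM));
        return mac.doFinal(message);
    }

    // VULNERABLE: Arrays.equals (like String.equals) returns at the first
    // differing byte, so the time it takes grows with the number of leading
    // bytes the attacker has guessed correctly. With enough timing samples
    // the tag can be recovered one byte at a time.
    static boolean verifyVulnerable(byte[] key, byte[] message, byte[] receivedTag)
            throws GeneralSecurityException {
        byte[] expected = hmac(key, message);
        return Arrays.equals(expected, receivedTag);
    }

    // FIXED: MessageDigest.isEqual compares every byte no matter where the first
    // mismatch is (it has been constant-time since JDK 6u17), so the timing
    // does not depend on the tag's contents. Only the lengths are compared up
    // front, and the length of a MAC tag is public anyway.
    static boolean verifyConstantTime(byte[] key, byte[] message, byte[] receivedTag)
            throws GeneralSecurityException {
        byte[] expected = hmac(key, message);
        return MessageDigest.isEqual(expected, receivedTag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key and message; a real key comes from a key store.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] message = "GET /transfer?amount=10".getBytes(StandardCharsets.UTF_8);

        byte[] genuine = hmac(key, message);
        byte[] forged = genuine.clone();
        forged[forged.length - 1] ^= 0x01;   // flip one bit in the last byte

        System.out.println("genuine tag accepted: " + verifyConstantTime(key, message, genuine));
        System.out.println("forged tag accepted:  " + verifyConstantTime(key, message, forged));
    }
}
```

The same rule applies to any secret compared against attacker-controlled input: session tokens, password-reset codes, API keys. Converting the tag to a `String` and calling `equals` on it does not help, because `String.equals` also stops at the first mismatch.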

Published in Geek Culture · Aug 2, 2021

Detecting Jackson deserialization vulnerabilities with CodeQL

How to find, fix and prevent them from occurring in the future — If you use the Jackson Databind library and run a security scanner, you might have received quite a lot of alerts about deserialization vulnerabilities. In the past, a new CVE popped up nearly every month when someone discovered a new deserialization gadget that could be used to exploit an application. Fortunately…

Java

Published in Geek Culture · Jun 2, 2021

Detect dangerous RMI objects with CodeQL

How to find and fix Java RMI deserialization vulnerabilities — Java RMI uses the default Java serialization mechanism to pass parameters during remote method invocations. In other words, RMI reads call parameters with ObjectInputStream, a well-known unsafe deserialization mechanism. …

Java
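
An added example, not code from the original post, of what the teaser means in practice: a remote interface that accepts an arbitrary `Object` parameter, the same service with parameters limited to simple types, and the export of that service with a JEP 290 deserialization filter. The interface names, the filter pattern and the registry port are assumptions for this toy service; a real service lists its own parameter types in the filter.

```java
import java.io.ObjectInputFilter;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

// Added example (not from the original post): a remote interface that takes
// arbitrary objects versus one that takes only simple types, exported with a
// deserialization filter. Requires Java 9 or later.
public final class RmiFilterExample {

    // VULNERABLE: an Object parameter lets any client send any serializable
    // class. The RMI runtime deserializes it with ObjectInputStream before the
    // method body runs, so a gadget chain built from classes on the server's
    // classpath executes during the call itself.
    public interface UnsafeService extends Remote {
        String process(Object request) throws RemoteException;
    }

    // FIXED (first layer): parameters are restricted to types that carry no
    // behaviour of their own.
    public interface SafeService extends Remote {
        String process(String request, int count) throws RemoteException;
    }

    static final class SafeServiceImpl implements SafeService {
        @Override
        public String process(String request, int count) {
            return request.repeat(count);
        }
    }

    // FIXED (second layer): a serialization filter that rejects every class the
    // interface does not need. Patterns are matched left to right and "!*" at
    // the end rejects anything not matched earlier; maxdepth bounds the object
    // graph. The class names listed here are an assumption for this toy interface.
    static ObjectInputFilter parameterFilter() {
        return ObjectInputFilter.Config.createFilter(
                "java.lang.String;java.lang.Integer;maxdepth=3;!*");
    }

    public static void main(String[] args) throws Exception {
        SafeService impl = new SafeServiceImpl();
        // UnicastRemoteObject.exportObject(Remote, int, ObjectInputFilter) has
        // existed since Java 9; the filter is applied to every incoming call.
        SafeService stub = (SafeService) UnicastRemoteObject.exportObject(impl, 0, parameterFilter());
        Registry registry = LocateRegistry.createRegistry(1099);   // assumed port
        registry.rebind("safe-service", stub);
        System.out.println("SafeService exported with a deserialization filter on port 1099");
    }
}
```

The interface change is the real fix: a filter on an `Object` parameter only limits which gadgets can be sent, and a class that the filter allows is still deserialized before the method runs. The filter is defence in depth for the types the service does need.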

Published in InfoSec Write-ups · Apr 14, 2021

Detecting Jakarta Expression Language injections with CodeQL

How to use CodeQL to find EL injections and fix them — Recently I wrote a post about detecting JEXL injections with CodeQL. JEXL is a library that provides an interpreter for a simple expression language (EL). This time, I’ll talk about injections with Jakarta Expression Language, and how they can be found with CodeQL. What is Jakarta Expression Language? Among other things, Jakarta EE contains a…

Java

Published in InfoSec Write-ups · Apr 14, 2021

WS-2016-7107: CSRF tokens in Spring and the BREACH attack

Recently the WhiteSource security scanner started reporting WS-2016-7107 against Spring-based applications. This is an old issue in Spring Security that was reported in 2016. Unfortunately, at the time of writing, the issue has not been fixed yet. But there is a pull request that should address it. The problem is…

Java

Apr 12, 2021

On the train

Got on a train. I am embarrassed to admit it: a compartment car. Lately I have been treating myself more often. But the price is pleasing too, since it is the same as in the open-berth car I rode in the day before yesterday. That one was probably a premium train, and this one is some ordinary, second-rate passenger train. And the car is ancient, too. Or, as someone would put it,…

Train

Published in InfoSec Write-ups · Mar 25, 2021

Detect Dangerous Spring Service Exporters With CodeQL

How to make sure that CVE-2016-1000027 does not affect your application — In this blog post, I’ll talk about detecting unsafe Spring exporters with a CodeQL query. First, I’ll describe the issue that received CVE-2016-1000027. Next, I’ll show what vulnerable code looks like and how the issue can be mitigated in an application. Then, I’ll describe how the CodeQL query works…

Java

Mar 23, 2021

Fosstars: a framework for defining ratings for open source projects

I recently wrote a blog post about a project I have been working on at SAP for a year. The project is called Fosstars. It is an…

Java

Published in Better Programming · Feb 21, 2021

Expression Language Injections in Java

How to detect JEXL injections with CodeQL — In this article, I’ll discuss a CodeQL query for detecting JEXL Expression Language injection vulnerabilities. First, I’ll give a brief overview of expression languages in general and JEXL in particular. I’ll also explain what Expression Language injection is and how to prevent it. Then, I’ll describe how the CodeQL query…

Programming
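
For this post and the Jakarta EL post above, an added example that is not code from either post: the same user-supplied JEXL expression evaluated by a default engine and by a sandboxed one, using the `commons-jexl3` API. The class name, the formula and the attacker's input are constructed for the demo, and the deny-by-default behaviour of `new JexlSandbox(false)` is stated as an assumption in the code.

```java
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlException;
import org.apache.commons.jexl3.MapContext;
import org.apache.commons.jexl3.introspection.JexlSandbox;

// Added example (not from the original post): the same user-supplied JEXL
// expression evaluated by an unrestricted engine and by a sandboxed one.
// Requires org.apache.commons:commons-jexl3 on the classpath.
public final class JexlInjectionExample {

    // Constructed sample input: a pricing formula the user is allowed to edit...
    static final String BENIGN = "price * quantity";

    // ...and what an attacker submits in its place. JEXL resolves the method
    // chain by reflection, so this reaches java.lang.Runtime and runs "id".
    static final String MALICIOUS =
            "''.getClass().forName('java.lang.Runtime').getRuntime().exec('id')";

    // VULNERABLE: a default engine lets an expression call any public method
    // of any object it can reach, including Object.getClass() on a string
    // literal, which is all an attacker needs to get to Runtime.
    static JexlEngine unrestrictedEngine() {
        return new JexlBuilder().create();
    }

    // FIXED: a sandbox that denies access to every class that is not explicitly
    // white-listed. Assumption: new JexlSandbox(false) builds such a
    // deny-by-default sandbox. Nothing is white-listed because the formula
    // only needs arithmetic on context variables, which does not go through
    // introspection. strict(true) and silent(false) make a blocked access
    // throw instead of silently evaluating to null.
    static JexlEngine sandboxedEngine() {
        JexlSandbox sandbox = new JexlSandbox(false);
        return new JexlBuilder().sandbox(sandbox).strict(true).silent(false).create();
    }

    // Evaluates an expression against a fixed, constructed context.
    static Object evaluate(JexlEngine engine, String expression) {
        JexlContext context = new MapContext();
        context.set("price", 5);
        context.set("quantity", 3);
        return engine.createExpression(expression).evaluate(context);
    }

    public static void main(String[] args) {
        System.out.println("benign formula, sandboxed engine: " + evaluate(sandboxedEngine(), BENIGN));
        try {
            evaluate(sandboxedEngine(), MALICIOUS);
            System.out.println("sandbox did NOT block the malicious expression");
        } catch (JexlException e) {
            System.out.println("sandbox blocked the malicious expression: " + e.getMessage());
        }
        // evaluate(unrestrictedEngine(), MALICIOUS) would run "id" on this host;
        // it is deliberately not called here.
    }
}
```

The safest option remains not to evaluate expressions that come from an untrusted source at all. Where that is unavoidable, the sandbox should white-list only the classes and methods the legitimate expressions need, and the engine should run in strict mode so that a blocked access fails loudly rather than returning null.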

Published in Python in Plain English · Jan 10, 2021

Reading a photoresistor on ESP32 with MicroPython

A photoresistor, or light-dependent resistor (LDR), is a resistor whose resistance changes with light intensity. More precisely, when light falls upon it, the resistance decreases. It is normally used as a light or dark detector. For example, it may be used in a circuit that turns…

Esp32

I write about Java, security, electronics and DIY

Following
  • Dan Lorenc
  • Alex Birsan
  • The Hacker's Choice
  • Jonathan Leitschuh
