Artem Smotrakov in Better Programming · How To Find and Fix Timing Attacks in Your Java Code · Prevent timing attacks with CodeQL · 4 min read · Aug 9, 2021
Artem Smotrakov in Geek Culture · Detecting Jackson deserialization vulnerabilities with CodeQL · How to find, fix and prevent them from occurring in the future · 3 min read · Aug 2, 2021
Artem Smotrakov in Geek Culture · Detect dangerous RMI objects with CodeQL · How to find and fix Java RMI deserialization vulnerabilities · 2 min read · Jun 2, 2021
Artem Smotrakov in InfoSec Write-ups · Detecting Jakarta Expression Language injections with CodeQL · How to use CodeQL to find EL injections and fix them · 4 min read · Apr 14, 2021
Artem Smotrakov in InfoSec Write-ups · WS-2016-7107: CSRF tokens in Spring and the BREACH attack · Recently WhiteSource security scanner started reporting WS-2016-7107 against Spring-based applications. This is an old issue that was… · 2 min read · Apr 14, 2021
Artem Smotrakov · On the Train · I boarded the train. I'm ashamed to admit it: in a compartment car. Lately I've been treating myself more often. But the price is pleasing too, since it is the same as in the open-plan sleeper car… · 2 min read · Apr 12, 2021
Artem Smotrakov in InfoSec Write-ups · Detect Dangerous Spring Service Exporters With CodeQL · How to make sure that CVE-2016-1000027 does not affect your application · 4 min read · Mar 25, 2021
Artem Smotrakov · Fosstars: a framework for defining ratings for open source projects · I recently wrote a blog post about a project I have been working on at SAP for a year. The project is called Fosstars. It is an… · 1 min read · Mar 23, 2021
Artem Smotrakov in Better Programming · Expression Language Injections in Java · How to detect JEXL injections with CodeQL · 6 min read · Feb 21, 2021
Artem Smotrakov in Python in Plain English · Reading a photoresistor on ESP32 with MicroPython · A tutorial that covers everything from a circuit to uploading code to ESP32 · 3 min read · Jan 10, 2021