hacking, bug bounty, appsec

Leveraging LLMs for Threat Modeling - Claude 3 Opus vs GPT-4


With the new version of the Claude model, I would like to compare it to GPT-4 in threat modeling.

Reviewing Your Architecture Using LLMs


The quality of input data is crucial for LLMs to perform effectively. Learn how you can use these LLMs to improve your architectural descriptions. Explore the new feature in my ai-threat-modeling-action GitHub action.

Leveraging LLMs for Threat Modeling - GPT-3.5 vs Claude 2 vs GPT-4


We put the leading AI models to the test in threat modeling. Let's dive into the results and see which one comes out on top.

Leveraging LLMs for Threat Modeling - GPT-3.5


In this article, I delve into the AI Nutrition-Pro experiment, a research project exploring the potential of LLMs in enhancing security practices during the design phase of DevSecOps: threat modeling and security review.

Mitigating SSRF vulnerabilities in Go. A practical guide. Part 2


In this final part of the mitigation guide, we will explore the doyensec/safeurl library for Go.

Security Coding in Go. Input validation


Input validation is one of the most important techniques in secure coding. A deep dive into it for the Go language.

Mitigating SSRF vulnerabilities in Go. A practical guide. Part 1


Server-Side Request Forgery (SSRF) vulnerabilities have been around for a long time, and they still pose a significant threat to web applications, so much so that this kind of vulnerability has been included in the OWASP Top 10. This time I will explain how to mitigate SSRF vulnerabilities in Go applications.

Threat Modeling 101


What is Threat Modeling? First of all, it’s just thinking about threats. We all do it, every day 😃 How could someone break into my house? But wait a second. How do you know that you need to protect your house in the first place? Maybe you don’t have a house, or maybe you don’t have money right now to buy deterrents. Or maybe your family thinks you are a bit paranoid? 😕

External Authentication bypass in ingress-nginx


In October 2021 I researched ingress-nginx for the possibility of bypassing external authentication using path traversal. It was the origin story for other investigations regarding insecure usage of $request_uri, which led to Apache APISIX CVE-2021-43557.

Hunting for buggy authentication/authorization services on github


To successfully bypass access control using path traversal in $request_uri, you need to have a buggy authentication/authorization service. Buggy in the sense that it does not normalize the URL/URI that is part of the access control decision. Let me find more of those on GitHub that rely on X-Original-Url.