/ Recent content on Security, Tech, And Ramblings Hugo -- gohugo.io en-us Copyright © {year} Sean Marpo. All Rights Reserved. Wed, 15 Jun 2022 11:20:46 -0700 /posts/2022/2022-06-15-springfox-xss-via-outdated-swagger-ui/ Wed, 15 Jun 2022 11:20:46 -0700 /posts/2022/2022-06-15-springfox-xss-via-outdated-swagger-ui/ I got my weekly TL;DR Sec newsletter on Thursday morning. I regularly browse the headlines for fun things to check out whenever I might have some actual downtime. I noticed a post about XSS in Swagger UI at: Hacking Swagger-UI - from XSS to account takeovers I did the usual perusal, noted down the concerns, and popped right on over to Sourcegraph to determine the future of my Thursday. /posts/2022/2022-03-17-keeshare-sharing-your-keepass-database-between-devices/ Tue, 22 Mar 2022 14:41:15 -0700 /posts/2022/2022-03-17-keeshare-sharing-your-keepass-database-between-devices/ Password managers are all the craze nowadays. The general advice seems to be something along the lines of: “use a password manager, set a unique password for every site, and be less stressed about remembering a million things”. It’s safe to say that more and more people are being pushed to use password managers. And by all means, you absolutely should use a password manager. Today’s post outlines a particularly useful feature of KeepassXC that makes it behave more like a cloud-based password manager. /posts/atlassian-connect-using-cloudflare-to-meet-security-requirements/ Thu, 10 Mar 2022 14:57:33 -0800 /posts/atlassian-connect-using-cloudflare-to-meet-security-requirements/ Writing an app for the Atlassian cloud platform? Were you aware you need to meet security requirements for your app? Does this all seem oddly specific for a random blog post? Is it truly a cliche to start a post with a collection of questions? – Probably. I’ll stop now. In today’s post, I’m going to describe how you can meet (most) of the Atlassian Security Requirements by simply fronting your Atlassian connect app with Cloudflare. /posts/path-traversal-and-ssrf/ Sat, 12 Feb 2022 12:09:08 -0800 /posts/path-traversal-and-ssrf/ I was recently working on a security review, and I came across an anti-pattern I’ve seen time and time again. Sure, it might be obvious, but this was a relatively tenured developer who suggested this particular solution. It’s seemingly pervasive enough that it warrants digging into. So, with that in mind, let’s chat about path traversal and SSRF. The Context I was performing an app/code review of a new “thing” to keep this vague enough. /posts/presearch-node-utils/ Sun, 24 Oct 2021 19:32:38 -0700 /posts/presearch-node-utils/ 👋 Hello, hello. I’ve recently become more and more involved with a few different crypto projects. Presearch was one of the first few I came across that I truly liked. It’s definitely in its infancy, but I love the idea of a better search solution that tracks less of you. And hey, you get rewarded PRE tokens for searching which is equivalent to a small amount of real money. Win, win, I suppose. /posts/hello-world/ Tue, 05 Oct 2021 13:13:38 -0700 /posts/hello-world/ 📣 Hello, hello. 📣 Don’t mind me, just a stray first post rolling through. Nothing was planned for this post, so now this is all we have. Sorry to disappoint. /about/ Tue, 05 Oct 2021 00:00:00 +0000 /about/ 👋 Hi there, I’m Sean. I work primarily as a Security Engineer focusing on web application security. In my spare time, I do a few things… Spend time with my wife and doggo Play video games Break other people’s software for fun – https://bugcrowd.com/arcaneanomie Fix/repair computers and do technical support, albeit I do a lot less of this anymore – https://marptech.com Code things that are likely not production ready in any capacity – https://github.