Mateusz Olejarka

Published in SecuRing

·Aug 24, 2021

How to stay secure for longer? Software development case.

Do you want your software to be secure in its DNA? This post is our overview of two possible ways to improve security awareness in your organization. I address this post in particular to senior developers, team leaders, project managers, scrum masters, or architects — or anyone who cares about…

Security Testing

5 min read


Published in SecuRing

·May 28, 2021

Adding security to your SDLC process

This article is for you if you’re a senior developer, team leader, project manager, scrum master, or architect and you’re having trouble enforcing the required security quality. I had dozens of coffee conversations with developers during the security awareness workshops I ran, and they gave me valuable insights into application…

Security Testing

3 min read


Published in SecuRing

·Mar 16, 2021

How to bring security to your company mindset?

How does an internal event dedicated to security make a difference? Why is keeping your security team in one place a bad idea? No matter if you’re a senior developer, team leader, project manager, scrum master or architect — if you have trouble implementing the appropriate security quality then this…

Security

4 min read


Aug 19, 2020

A perfect duplicate or how to send an email with a spoofed invoice’s content

This is a story about one of my most interesting findings without a happy ending. Spoiler alert — the bug was closed as duplicate. A duplicate is still a valid bug and in this case it’s yet another reason to improve my automation. Moreover, I also learned a bit finding it. …

Bug Bounty

2 min read


Jul 3, 2019

Finding hidden gems vol. 4: Rakefile a.k.a. how to get AWS keys again

Long time no see. I will improve I promise. Maybe. NVM. Staying in application development area as in previous post. Some time ago I was interested in applications created in Ruby. I did some review of trending GitHub repositories and I noticed that some of them contain a Rakefile file. To…

Ruby

2 min read


Nov 1, 2018

Finding hidden gems vol. 3: quick win with .sh file

I observed that some application deployment’s automation is done by the use of shell scripts, mostly files with .sh extensions. Based on the popular filenames found on GitHub (search for site:github.com ext:sh) I routinely check for such files during bug bounty hunting in my spare time. Once it ended up…

Security

2 min read


Aug 29, 2018

Finding hidden gems vol. 2: REAMDE.md, the story of a bit too helpful readme file

REAMDE.md file is meant to be helpful. It is the first file to check when you look into a new project on GitHub, see here. That’s perfectly fine from developer’s perspective. Sometimes this file stays as a development leftover all the way from the test environment to production. If it…

AWS

4 min read


Jul 23, 2018

Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret

I love sensitive information exposure bugs. They are getting more attention at last. Below is a short story about leaked Node.js code and the OAuth client id and client secret which I found in there. Recon: One of my bug bounty recon tools discovered a package.json file which looked interesting. The package.json file…

Nodejs

2 min read

Mateusz Olejarka

Mateusz Olejarka

Pentester @ SecuRing