21 posts tagged with "technology"

· 5 min read
Aleh Zasypkin

Hello!

This is the second part of my previous post where I started discussing the challenges related to tracking changes in JavaScript and CSS resources, and how I address these challenges in the Resources Tracker utility in Secutils.dev.

In the previous part, I talked about handling inline and external resources, dealing with dynamically loaded resources, and comparing large-sized resources. Now, let's explore the next set of challenges you need to consider when comparing JavaScript and CSS resources.

· 6 min read
Aleh Zasypkin

Hello!

In one of my previous posts, I explained the concept behind the Resource Tracker utility in Secutils.dev and who can benefit from it. Initially, I had planned to release it in the "Q2 2023 - Apr - Jun" feature update (around the first week of July). However, it has taken a bit more time than I initially anticipated. In this post and the following ones, I would like to explain why comparing JavaScript and CSS files is not as simple of a problem as it may appear at first glance, and I'll share the solution I developed for Secutils.dev.

· 4 min read
Aleh Zasypkin

Hello!

It's an understatement to say that there is a lot of hype around AI these days. It seems to be integrated into everything. The company I work for, Elastic, is also keeping up with the trend by recently releasing the [Elasticsearch Relevance Engine™ (ESRE™)](https://www.elastic.co/search-labs/blog/articles/may-2023-launch-announcement) and the Elastic AI Assistant. Even though I'm typically quite skeptical about over-hyped stuff, I must admit that AI is certainly making waves!

Unsurprisingly, I also find myself asking a question: could the integration of AI tools be useful to the users of Secutils.dev? Let's attempt to answer this question by exploring a simple proof-of-concept that I have been tinkering with this week!

· 6 min read
Aleh Zasypkin

Hello!

Today, I'd like to show you how you can leverage the "Webhooks" feature of Secutils.dev to explore third-party web services, or as a security researcher would say, perform a basic active reconnaissance. Reconnaissance is just a fancy word for gathering information about a target system to identify exploitable vulnerabilities and potential attack vectors. In this post, we'll focus on learning how a specific web service implements functionality that interests us. Our intention is purely innocent — we simply want to understand how it works. However, the technique we'll use is quite similar to what security researchers employ during routine reconnaissance.

· 4 min read
Aleh Zasypkin

Hello!

As the end of the "Q2 2023 - Apr-Jun" milestone (that's how I structure my roadmap) is quickly approaching, I wanted to give a quick update on the progress so far. One of the significant deliverables for this milestone is a functional web resources tracker utility. The utility should give developers the ability to track resources of any web page. You may be wondering why they would want to do that and how it relates to security. Let me explain using two personas: the developer and the security researcher.

· 9 min read
Aleh Zasypkin

Hello!

In my previous posts, I mostly focused on the technical aspects related to Secutils.dev, such as the technological stack, deployment process, and tools for monitoring and usage analytics.

Today, I'd like to discuss the costs associated with running Secutils.dev in production. As developers, we understand the importance of being resourceful, frugal, and efficient when building and maintaining products. Therefore, minimizing costs is a crucial and ongoing topic. Let's dive into how I optimize costs for Secutils.dev.