💻 Javadoc of the utility class:

righettod.github.io/code-snippet...

📖 Main references used:

- cnpd.public.lu/fr/decisions...
- cnpd.public.lu/content/dam/...
- en.wikipedia.org/wiki/Interna...
- www.iban.com/structure
- en.wikipedia.org/wiki/Payment...

#appsec #appsecurity

- We added a reference to the page about headers for the framework "Next.js".
- We integrated into the ecosystem of the project OWASP Nest.

📖 owasp.org/www-project-...

💡 Source used:

- nest.owasp.org
- nextjs.org/docs/pages/a...
- github.com/santoru/shch...
- developer.mozilla.org/en-US/docs/W...

Very cool design 😉

POC results:

📖 References & tools used:

- ollama.com
- ollama.com/library/qwen...
- github.com/gitleaks/git...
- github.com/righettod/to...

#appsec #appsecurity #sast #ai

🧑‍💻 So, using a model running locally via ollama, I created a small script to "confront" each secret identified by GitLeaks against the model using an tuned system and user prompts to try to determine whether the secret is a real one or not.

💻 POC:

github.com/righettod/to...

📖 References & tools used:

- nvd.nist.gov/vuln/detail/...
- github.com/mgthuramoemy...
- en.wikipedia.org/wiki/XFA

You can configure it any way you want or need, but the extension comes with a bundled configuration files you can use out of the box. One of them disallows dangerous functions like var_dump() or put_env(), while another one blocks insecure functions like hash() with MD5 github.com/spaze/phpsta...

Un grand merci !!!!

💡 Source used:

- developer.mozilla.org/en-US/docs/W...
- bitsup.blogspot.com/2008/11/dns-...
- www.chromium.org/developers/d...
- http.dev/x-dns-prefet...
- caniuse.com/mdn-http_hea...