https://miscreants.github.io/blog.trailofbits.com/authors/travis-peters/Recent content in Travis Peters on The Trail of Bits BlogHugoen-usMon, 09 Dec 2024 09:00:43 -0500https://miscreants.github.io/blog.trailofbits.com/2024/12/09/35-more-semgrep-rules-infrastructure-supply-chain-and-ruby/Mon, 09 Dec 2024 09:00:43 -0500https://miscreants.github.io/blog.trailofbits.com/2024/12/09/35-more-semgrep-rules-infrastructure-supply-chain-and-ruby/We are publishing another set of custom Semgrep rules, bringing our total number of public rules to 115. This blog post will briefly cover the new rules, then explore two Semgrep features in depth: regex mode (especially how it compares against generic mode), and HCL language support for technologies […]https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/Mon, 18 Sep 2023 08:00:42 -0400https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources. During our evaluation, Caddy was deployed as a reverse proxy […]