Josh Grossman (tghosth👻) May 4

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This is the 5th example where we take the units produced by a @Knostic OpenAnt scan and scan those units individually for vulnerabilities.
https://youtu.be/pALxeunbH7s

AGHAST - Walkthrough of Example 5

YouTube
Josh Grossman (tghosth👻) Apr 30

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This 4th example takes a SARIF file simulating some generic SAST results and evaluates each finding to decide if it is a false positive.

https://youtu.be/I3b2Cn87ugg

AGHAST - Walkthrough of Example 4

YouTube
Josh Grossman (tghosth👻) Apr 28

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This is the 3rd example which doesn't use AI at all but rather just a custom written static rule to find exposed API endpoints without authentication decorators.

https://youtu.be/2P8yAWRJSLk

AGHAST - Walkthrough of Example 3

YouTube
Josh Grossman (tghosth👻) Apr 27

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This 2nd video is a hybrid check using a static @semgrep rule to find uses of a sensitive function and an AI prompt on each use to check for correct validation.

https://youtu.be/rjYegEg6dx0

AGHAST - Walkthrough of Example 2

YouTube
Josh Grossman (tghosth👻) Apr 27

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This is the 5th example where we take the units produced by a @Knostic OpenAnt scan and scan those units individually for vulnerabilities.
https://youtu.be/pALxeunbH7s

AGHAST - Walkthrough of Example 5

YouTube
Josh Grossman (tghosth👻) Apr 26

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This is the first one with a simple check that just uses an AI prompt to look for business logic being incorrectly enforced.

https://youtu.be/k-CqAsOicA4

AGHAST - Walkthrough of Example 1

YouTube
Josh Grossman (tghosth👻) Apr 23

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This 4th example takes a SARIF file simulating some generic SAST results and evaluates each finding to decide if it is a false positive.

https://youtu.be/I3b2Cn87ugg

AGHAST - Walkthrough of Example 4

YouTube
Josh Grossman (tghosth👻) Apr 21

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This is the 3rd example which doesn't use AI at all but rather just a custom written static rule to find exposed API endpoints without authentication decorators.

https://youtu.be/2P8yAWRJSLk

AGHAST - Walkthrough of Example 3

YouTube
Josh Grossman (tghosth👻) Apr 20

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

This 2nd video is a hybrid check using a static @semgrep rule to find uses of a sensitive function and an AI prompt on each use to check for correct validation.

https://youtu.be/rjYegEg6dx0

AGHAST - Walkthrough of Example 2

YouTube
Josh Grossman (tghosth👻) Apr 16

I recorded a series of videos demonstrating different ways in which you can use #AGHAST.

There is the first one with a simple check that just uses an AI prompt to look for business logic being incorrectly enforced.

https://youtu.be/k-CqAsOicA4

AGHAST - Walkthrough of Example 1

YouTube