Liran Tal 

@lirantal@infosec.exchange

🌟 GitHub Star 2022
🏆 OpenJS Pathfinder award for Security 2022
🥑 DevRel at @snyksec
@NodeJS AppSec & OpenSource ❤️
O'Reilly author on Serverless JavaScript Security
Docker container security hero 🐳

Author of Node.js Security 👉 bit.ly/node-security
Author of Security Headers 👉 bit.ly/http-security

Interests:
#OpenSource #NodeJS #AppSec #JavaScript #Containers #Docker #SupplyChainSecurity #Snyk #OWASP #GitHub #DevSecOps #DevRel #CNCF #OpenSSF #OpenJSF

Website: https://lirantal.com
GitHub: https://github.com/lirantal
Twitter: https://twitter.com/liran_tal
Node.js Secure Coding: https://www.nodejs-security.com/

so close to a path traversal vulnerability finding but filePath is hard-coded to a predefined file name

there's still an issue there with TOCTOU and predictable file writing but I'm gonna see about a command injection route instead

#bugbounty

Think about ungoverned LLM output as the core issue of concatenation that leads to SQL injection etc

it's quite possible the nerdiest engineering blog I've seen to date is from block:

how do you track which MCP Servers you have configured across your AI apps?

I built this TUI mock-up with Vercel v0
you want access to the CLI?

some of us grew up playing this

What sort of AI agents are you building with CrewAI?

I'm curious how well do you find the tooling ecosystem
For example, the ScrapeWebsiteTool is fine but it only extracts text and I needed to build my own custom tool with BeautifulSoup to parse links and such from the web page

Building a CVE research agent with CrewAI

Learning a thing or two about the ecosystem and building AI agents. Fun too and a write-up is coming as well.

share your shell prompt
here's mine:
Qodo CLI agentic workflow initialized!
I kinda dig it how so many interfaces have adopted this UX for agentic workflows :-)