HackerTrans
TopNewTrendsCommentsPastAskShowJobs

shivasurya

no profile record

Submissions

[untitled]

1 points·by shivasurya·3 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·3 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·3 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·4 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·5 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·6 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·7 เดือนที่ผ่านมา·0 comments

Some thoughts around Django SQL Injection CVE-2025-64459

shivasurya.me
2 points·by shivasurya·8 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by shivasurya·9 เดือนที่ผ่านมา·0 comments

comments

shivasurya
·2 เดือนที่ผ่านมา·discuss
Nice. thanks for sharing!
shivasurya
·2 เดือนที่ผ่านมา·discuss
Is there any possibility of integrating with FreeCAD?
shivasurya
·3 เดือนที่ผ่านมา·discuss
Star might be the weakest signal of project usefulness and also trust is eroding I no longer trust stars for security.
shivasurya
·5 เดือนที่ผ่านมา·discuss
It replaces URL params and body too
shivasurya
·6 เดือนที่ผ่านมา·discuss
^this 100%
shivasurya
·6 เดือนที่ผ่านมา·discuss
Works for great company with amazing culture.

But what about insecure managers, jealousy managers, and managers who reward folks who are loyal to them or based on same region/country?
shivasurya
·7 เดือนที่ผ่านมา·discuss
https://codepathfinder.dev Currently working on AI-Native Static code analysis and currently it's open-source.
shivasurya
·9 เดือนที่ผ่านมา·discuss
I would say this is a nice & clever attack vector by calculating from rendering time aka side channeling. Kudos to the researchers though it would take lot of time and capture pixels even for Google authenticator. My worry is now how much of this could be reproduced to steal OTP from messages.

Given to rise of well defined templates (accurately vibe coding design for example: GitHub notification emails) phishing via email, I have literally stopped clicking links email and now I have stop launching apps from intent directly (say open with). Better to open manually and perform such operation + remove useless apps but people underestimate the attack surface (it can come through sdk, web page intents)
shivasurya
·9 เดือนที่ผ่านมา·discuss
This is why codepathfinder.dev is born. It underhood use tree-sitter to search functions, class, member variables and pulls code accurately instead of regex.

I started using it like tool call in Security scanning (think of something like claude-code for security scanning)

Give it a read if you're interested:

https://codepathfinder.dev/blog/codeql-oss-alternative/

https://codepathfinder.dev/blog/introducing-secureflow-cli-t...

Happy to discuss!
shivasurya
·9 เดือนที่ผ่านมา·discuss
Working on SecureFlow (https://codepathfinder.dev/secureflow-ai/) - think of claude-code style but for hunting security vulnerabilities.

The goal is to catch vulnerabilities early in the SDLC by running agentic loop that autonomously hunt for security issues in codebases.Currently available as a CLI tool, VSCode extension.I've been actively using to scan WordPress, odoo plugins and found several privilege escalation vuln. I have documented as blog post here: https://codepathfinder.dev/blog/introducing-secureflow-cli-t...
shivasurya
·9 เดือนที่ผ่านมา·discuss
Love this take actually and have been working on this and published this way back 2023/2024. Recently, I've been inspired by Claude-code & Cline agentic flow + tool looping, I experimented the same with tools like file_read, dir_list and throwing in few sast tools, security prompts on Wordpress plugin ecosystem (say with 10k-100k active installation) and scanned around ~600 and to my surprise it yielded ~45 critical, ~120 high severity issues and accounting 20% for non-reachability vuln. Spent around 6$ and ~40 million tokens with grok-4 fast reasoning model and the results were impressive, I gave a try with claude-sonnet but significantly rate-limited despite having 50$ credits from anthropic for research.

You can read about my experience here: https://codepathfinder.dev/blog/introducing-secureflow-cli-t...

Old post: https://shivasurya.me/security-reviews/sast/2024/06/27/autom...