Elliot Ward

Articles

  • Nov 7, 2024 | snyk.io | Elliot Ward

    Terraform is today’s leading Infrastructure-as-Code platform, relied upon by organizations ranging from small startups to multinational corporations. It enables teams to declaratively manage their cloud or on-premises infrastructure, allowing them to provision or decommission infrastructure components simply, consistently, and with auditability.

  • Aug 28, 2024 | snyk.io | Elliot Ward | Rory McNamara | Mateo Rojas-Carulla | Sam S. Watts | Eric Allen | Eric Van Allen

    Over the last 18 months, you’ve probably heard about Large Language Models (LLMs) like OpenAI’s GPT and Google’s Gemini. Whether you’re using them as a personal research assistant, an editor, or a data analyst, these tools represent a new frontier of Machine Learning (ML) and Artificial Intelligence (AI) and arguably will have the most significant impact of any technology in this decade.

  • Jul 25, 2024 | snyk.io | Elliot Ward

    In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.

  • Jun 20, 2024 | snyk.io | Elliot Ward | Rory McNamara

    After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts. This post outlines what we believe to be novel attacks against HTTP application middleware based on the simple foundation of HTTP response header injection.
