Vasilii Ermilov

Security researcher, bug hunter, software engineer.

Links:

Publications:

• Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex
• A Technical Deep Dive into Semgrep’s JavaScript Vulnerability Detection
• Exploiting dynamic rendering engines to take control of web apps
• Hardcoded secrets, unverified tokens, and other common JWT mistakes

Presentations:

• Most common vulnerabilities in Github Actions
  • Bsides Seattle (April 2025)
  • OWASP SnowFROC (March 2025)
  • BSides Singapore (September 2024)
• Saving a SAST Program in Distress
  • OWASP Toronto (April 2022)
• Scale Security with Secure Defaults & Eliminating Bug Classes
  • OWASP Ottawa (July 2021)