top of page
Week 1: Architecture of an AI Financial Platform
What happens when AI agents handle real financial workflows? I've been working on FinBot CTF — an AI-powered financial platform built for the OWASP Agentic AI project. The goal is to explore what happens when you give AI agents real financial responsibilities, such as onboarding vendors, processing invoices, flagging fraud, and authorizing payments. But before I write about how I test it, I need to explain what I'm actually testing. Because the architecture is what makes this
carocsteads
Mar 34 min read
Building an AI Threat Analytics Framework: A Developer's Journey
How I created a security-focused AI testing framework with Python, pytest, and real-world threat detection By Carolina Steadham | QA Automation Engineer Introduction Security is one of the most critical concerns in today's digital landscape. With AI systems becoming increasingly prevalent in security operations, I set out to build a comprehensive AI Threat Analytics Framework - a proof-of-concept project that demonstrates how AI can be leveraged for threat detection, classi
carocsteads
Dec 12, 20254 min read
PortSwigger Exploiting APIs
1. Objective 2. Lab: Exploiting an API endpoint using documentation 3. Lab: Finding and exploiting an unused API endpoint 4. Lab: Exploiting a mass assignment vulnerability 5. Lab: Exploiting server-side parameter pollution in a query string 1. Objective: This document showcases a set of hands-on API security testing exercises completed through the PortSwigger Web Security Academy. The goal is to demonstrate practical skills in identifying, analyzing, exploiting and mitiga
carocsteads
Jul 29, 20257 min read
bottom of page