Cory Rey is a Lead Penetration Tester at Schellman where he plays a key role in advancing the firm’s offensive security capabilities, including spearheading the development of its AI Red Team service line. Focused on performing penetration tests for leading cloud service providers, he now extends his expertise to identifying and exploiting vulnerabilities in Generative AI systems—areas often overlooked by traditional security assessments. With a strong foundation in Application Security, Cory has a proven track record of uncovering complex security flaws across diverse environments.
By:
Cory Rey
October 17th, 2024
With proven real-life use cases, it’s a no-brainer that companies are looking for ways to integrate large language models (LLMs) into their existing offerings to generate content. A combination that’s often referred to as Generative AI, LLMs enable chat interfaces to have a human-like, complex conversation with customers and respond dynamically, saving you time and money. However, with all these new, exciting bits of technology come related security risks—some that can arise even at the moment of initial implementation.
By:
Cory Rey
March 2nd, 2023
The world of information security is ever-evolving as further innovation and development continue to drive the market forward. Web applications are no exception, but as they grow more complex with the addition of new features and supporting technology, so do their attack surfaces. Sometimes, it can feel like the latest risk to your web application is seemingly around the corner, and really, that might be true—it’s become more important than ever to maintain a good security posture.
By:
Cory Rey
November 16th, 2022
When conducting a web application penetration test, cross-site scripting (XSS) is one of the most common vulnerabilities identified by testers—it stems from an application’s lack of sanitization when certain characters are rendered from user-controlled input.
By:
Cory Rey
February 11th, 2022
Benjamin Franklin once said, “an investment in knowledge always pays the best interest.”
Cybersecurity Assessments | Penetration Testing
By:
Cory Rey
January 14th, 2020
The Importance of the DMARC Record - Protecting Your Domain Against Spoofing Attacks These days, it has never been easier to establish an online presence, and having your own domain is a key component of that. However, with great domain ownership comes great responsibility, as do the problems that can follow your presence. As such, when managing individual DNS records, all users should stay up to date on the latest trends with regards to safeguarding their domain’s reputation, as well as all the persistent problems that come with online communication. Spoofing is one of those age-old issues when using e-mail as a contact protocol, and when it comes to spoofing protection, Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) are usually identified as a consistent “best practice” standard. However, they themselves are not enough to prevent modern spoofing techniques, even if both of these DNS records are both useful in their own way.