Archived
Java deserialization security FAQ
Details about the vulnerability class Untrusted Deserialization.
Archived
DevSecOps maturity model
Conference talk at OWASP AppSecEU about integrating security checks into DevOps processes.
Archived
Chrome SOP bypass with SVG
Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).
Archived
Generic XXE detection
Generic Detection of XML External Entity (XXE) Vulnerabilities.
Archived
Cross-Site WebSocket Hijacking (CSWSH)
Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).