
Archived
Java deserialization security FAQ
Details about the vulnerability class Untrusted Deserialization.

Conference talk at OWASP AppSecEU about integrating security checks into DevOps processes.

Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).

Generic Detection of XML External Entity (XXE) Vulnerabilities.

Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).