Conference
Archived
Panel Discussion: Wie wir über Software denken
I was part of a keynote panel discussion about the future of software and security at the JAX conference.
Vulnerability
Archived
Java Deserialization Security FAQ
Details about the vulnerability class Untrusted Deserialization.
Conference
Archived
DevSecOps Maturity Model
I’ve had the chance to present my talk Security DevOps about the integration of security checks into DevOps processes at OWASP AppSecEU in Cambridge.
Vulnerability
Archived
Chrome SOP-Bypass with SVG
Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).
Vulnerability
Archived
Generic XXE Detection
Generic Detection of XML External Entity (XXE) Vulnerabilities.
Vulnerability
Archived
Cross-Site WebSocket Hijacking (CSWSH)
Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).