Micro attack simulations: scenario-driven validation
I was interviewed about improving cyber resilience through Micro Attack Simulations.
Archived
Java deserialization security FAQ
Details about the vulnerability class Untrusted Deserialization.
Archived
Chrome SOP bypass with SVG
Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).
Archived
Generic XXE detection
Generic Detection of XML External Entity (XXE) Vulnerabilities.
Archived
Cross-Site WebSocket Hijacking (CSWSH)
Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).