java

android archive java multidex remote code execution secure secure code warrior secure coding secure coding technique secure coding techniques security zip zip libraries zip library

Secure coding technique: Default behavior of Zip libraries can lead to Remote Code Execution

13th November 2017

We can inject a file into a zip whose name is prefixed with an arbitrary number of `../`…

Pieter De Cremer

codeinjection expression language guideline java owasp secure coding spel spring springframework xss

How secure coding guidelines evolve

15th September 2017

Last week I was researching vulnerabilities in Java Spring to bring our secure coding guidelines up to date.…

Pieter De Cremer

apache deserialization equifax equifax breach hackers java json owasp secure code warrior sensei struts vulnerability xml

The difficulty with patching deserialization vulnerabilities

11th September 2017

The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language.…

Pieter De Cremer

Tags

Secure coding technique: Default behavior of Zip libraries can lead to Remote Code Execution

How secure coding guidelines evolve

The difficulty with patching deserialization vulnerabilities

Secure coding insights served fresh