Reverse Tabnabbing or also known as Unsafe Target Blank is one of the most underrated vulnerability, and this is the one I like the most. It’s really easy to find an exploitable web application and it’s also quite easy to mitigate.

So what is Reverse Tabnabbing?

When you create a link …

Insecure deserialization got in OWASP top 10 in 2017 as most of web applications written in Java and .net where found vulnerable and in most of the scenarios the vulnerabilities got to Remote Code Execution (RCE)

So lets see how this vulnerability works, how to exploit it and how to prevent it. …

A lot of developers don’t know that regular Random is a weak random implementation. In fact its quite predictable. A lot of code relies on this class to generate passwords, tokens and other security related values, that in fact end up not being secure at all.

I’m going to focus on Java, …

XML and JSON are two formats ruling the web right now.
Although JSON’s adoption is increasing significantly specially with REST, XML is still widely used.

What most of developers don’t know is that most of the XML parsers out there by following the specification by default have major …

Heap Inspection is a vulnerability that most of the times developers don’t care about, since it is not easy to mitigate, and most of libraries/frameworks are not prepared to handle it.

So what is Heap Inspection?

Basically it’s just when you get access to a machine and get access to …