Insecure Deserialization in Java

Insecure deserialization entered the OWASP Top 10 in 2017, as most web applications written in Java and .NET were found vulnerable, and in most scenarios the vulnerabilities led to Remote Code Execution (RCE). So let’s see how this vulnerability works, how to exploit it and how to prevent it. Deserialization in Java […]
XML External Entities (XXE)

XML and JSON are the two formats ruling the web right now. Although JSON’s adoption is increasing significantly, especially with REST, XML is still widely used. What most developers don’t know is that most XML parsers out there, by following the specification by default, have major security flaws. In some cases (not that […]
