Caleb Fenton

Caleb Fenton

Stay up to date on Application Security

Posts by Caleb Fenton
  • Commons Collections Deserialization…
    December 1, 2015 | By Caleb Fenton

    A few weeks ago, I wrote about the recent Apache Commons Collections deserialization vulnerability in Let’s Calm Down About Apache Commons Collections. I said we were going to look into finding other libraries that were also vulnerable. In this post, I publish the findings and conclusions. Then I…

    Read Article
     
  • Let’s Calm Down About Apache Commons…
    November 17, 2015 | By Caleb Fenton

    On November 6th, 2015, a blog post was published with the title "What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability". The post describes how several popular applications are exploitable via a Java deserialization vulnerability discovered by…

    Read Article
     
  • HTTP Security Headers in Plain English
    November 3, 2015 | By Caleb Fenton

    Understanding and configuring HTTP security settings can be confusing. There are lots of guides that serve as great technical references for all the different settings, but the purpose of this post is to explain what we have learned implementing a security policy by explaining the various security…

    Read Article
     

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.