- Commons Collections Deserialization Vulnerability Research Findings
A few weeks ago, I wrote about the recent Apache Commons Collections deserialization vulnerability in Let’s Calm Down About Apache Commons Collections. I said we were going to look into finding other libraries that were also vulnerable. In this post, I publish the findings and conclusions. Then I geek out by excitedly describing plans and ideas for future research. Research Method: The original…
- Let’s Calm Down About Apache Commons Collections
On November 6th, 2015, a blog post was published with the title "What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability". The post describes how several popular applications are exploitable via a Java deserialization vulnerability discovered by two security researchers, Gabriel Lawrence and Chris Frohoff. The vulnerability involves combining…
- HTTP Security Headers in Plain English
Understanding and configuring HTTP security settings can be confusing. There are lots of guides that serve as great technical references for all the different settings, but the purpose of this post is to explain what we have learned implementing a security policy by describing the various security settings in a simple way. This will also be the first post discussing our Security Headers and CSP…