In December 2015, I found a critical vulnerability in one of PayPal business websites ( manager.paypal.com ). It allowed me to exe...

When I am trying to find vulnerabilities in web applications, I always perform fuzzing of all http parameters, and sometimes it gives me som...

https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability I wrote this article while working at the Veracode ...

https://www.veracode.com/blog/research/exploiting-spring-boot-actuators I wrote this article while working at the Veracode Research team.

https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 I wrote this article while working at the PortSwigger Rese...

https://portswigger.net/research/hidden-oauth-attack-vectors I wrote this article while working at the PortSwigger Research team.

https://github.com/veracode-research/solr-injection A brand new vulnerability -  Apache Solr Injection , as well as new ways to RCE in this ...

https://www.veracode.com/blog/research/exploiting-jndi-injections-java I wrote this article while working at the Veracode Research team.

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/ In 2023 I spent some time researching x509 certificate au...