https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability I wrote this article while working at the Veracode ...
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators I wrote this article while working at the Veracode Research team.
https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 I wrote this article while working at the PortSwigger Rese...
https://portswigger.net/research/hidden-oauth-attack-vectors I wrote this article while working at the PortSwigger Research team.
https://github.com/veracode-research/solr-injection A brand new vulnerability - Apache Solr Injection , as well as new ways to RCE in this ...
https://www.veracode.com/blog/research/exploiting-jndi-injections-java I wrote this article while working at the Veracode Research team.
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/ In 2023 I spent some time researching x509 certificate au...