Ship fast, but guard faster: securing DevOps itself
A pragmatic defense-first guide for modern DevOps.
12 steps to secure software: a prioritized roadmap
Empower cybersecurity in software development projects with these easy and effective first steps.
Micro attack simulations: scenario-driven validation
I was interviewed about improving cyber resilience through Micro Attack Simulations.
Archived
Handling Log4Shell vulnerability
Summarizing the current state of advice regarding the Log4j vulnerability.
Archived
Java deserialization security FAQ
Details about the vulnerability class Untrusted Deserialization.
Archived
DevSecOps maturity model
Conference talk at OWASP AppSecEU about integrating security checks into DevOps processes.
Archived
Chrome SOP bypass with SVG
Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).
Archived
Generic XXE detection
Generic Detection of XML External Entity (XXE) Vulnerabilities.
Archived
Cross-Site WebSocket Hijacking (CSWSH)
Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).