This is about a vulnerability I discovered in Apache Wicket in 2014, but never got around to publishing my write-up. So it's kinda outdated now... Apache Wicket is a web application framework for Java and is used by quite a few big sites. I had a closer look at ...Continue reading
First of all, this
research is legit because I have a logo and a name for it. This seems to be a trend right now
(heartbleed, shellshock, sandworm) . Afaik the rule is that you must invest the same time into creating the logo as you did in your research.
Creating ...Continue reading
One day I thought about different techniques to do source code analysis. Especially since we often have access to repositories and thus the evolution of code.
Wouldn't it be cool to see the age of certain lines of code relatively to others? So I decided to create a PoC ...Continue reading