Security Research

► News: New Blog - December 2011
► Advisory: Opera Use After Free - Crash PoC - October 2011
► Advisory: Adobe RoboHelp DOM Cross Site Scripting - August 2011
► Article: Unusual Web Spidering Techniques - August 2011
► Article: Delayed XSRF (an interesting case) - July 2011
► Presentation: Bridging the Gap - Security and Software Testing - April 2011
► Article: A confusing disclosure - March 2011
► Article: An interesting session fixation attack - March 2011
► Article: Some clarifications - November 2010
► Advisory: Oracle JRE - java.net.URLConnection class – Same-Origin Policy (SOP) Bypass - October 2010
► Advisory: Oracle Sun Java System Web Server - HTTP Response Splitting - October 2010
► Advisory: Oracle Siebel eBusiness Application – Multiple Cross Site Scripting Vulnerabilities - October 2010
► White Paper: Leveraging XSRF with Apache "Compatibility with older browser" feature and Java Applet - October 2010
► Advisory: Three bugs in Oracle software and a white paper - October 2010
► News: Kiwicon IV - October 2010
► Article: Intoxicated SERPs or... HTML in SERP links - October 2010
► Presentation: Defending against application level DoS attacks - July 2010
► White Paper: Cross Context Scripting with Firefox - April 2010
► Addendum: Exploiting Cross Context Scripting vulnerabilities in Firefox - April 2010
► Advisory: Multiple Adobe products - XML external entity and XML injection - February 2010
► Video: Defcon 17 video online - January 2010
► Article: Another Firefox Extension advisory - January 2010
► Article: Twitter XSS - November 2009
► Article: SecurityByte & OWASP AppSec Asia 2009 - November 2009
► Article: 2 Firefox Extensions Chrome Privileged Code Injection - October 2009
► Advisory: Update Scanner chrome privileged code injection - August 2009
► Advisory: CoolPreviews chrome privileged code injection - August 2009
► Interview: Exploiting Firefox extensions on Risky.biz - August 2009
► Presentation: Defcon 17, 2009 - abusing Firefox extensions - August 2009
► News: Defcon 17! - July 2009
► Article: Backdooring Windows Media Files - July 2009
► Article: OWASP New Zealand Day 2009 - Speakers announcement - June 2009
► Presentation: EUSecWest 2009 - exploiting Firefox extensions - May 2009
► Article: OWASP New Zealand Day 2009 Security Conference - March 2009
► Presentation: Reversing JavaScript - March 2009
► Article: OWASP Testing Guide v3.0 - March 2009
► Advisory: Google Analytics - stored cross site scripting - December 2008
► Tool: sed v0.2 update - November 2008
► Advisory: Opera stored cross site scripting - October 2008
► Tool: sed v0.1 release - September 2008
► Presentation: Browser security - September 2008
► Article: Ruxcon 2008 - September 2008
► Article: Kiwicon II - September 2008
► Presentation: Black energy 1.8 web-based botnet package analysis - May 2008
► Article: Web spam techniques - Apr 2008
► Advisory: SugarCRM local file disclosure vulnerability - Apr 2008
► Article: IE content type txt - Apr 2008
► Interview: Negative SEO - Apr 2008
► Presentation: Xpath Injection - Feb 2008
► Presentation: Ajax Security - Dec 2007
► Article: Phishing and Media - Feb 2007
► Advisory: DotNetNuke vulnerability - Aug 2006
