Deserialisation Vulnerabilities

Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is the deserialization of untrusted data. I say overlooked because awareness of this issue seems to be comparatively low among web developers. Contrast that with the...

Meltdown and Spectre

With the recent disclosure of the hardware bugs Meltdown and Spectre, the infosec world has been thrown into a bit of chaos. The bottom line is “It’s a very serious bug in the CPU itself; your computer is most probably affected, but the major operating...

How Basic Data Structures are Leaky Abstractions

This blog post is based on a set of challenges presented at SecTalks Canberra. You can have a go at solving the challenges here – this post will have some spoilers. Here’s a trick question: if I have a negative number, and I multiply it by negative one,...