CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Forget Python Or Java: What You’re Speaking Is Code

The most powerful programming language today isn’t written in code editors. It’s natural language. In this article, I’ll ...

Using C Libraries in Java 1: Fundamentals of the Foreign Function & Memory API

The Foreign Function & Memory API in Java provides significantly easier access to functions in C libraries than the outdated ...
GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...