slightlyrandombrokenthoughts.blogspot.com
(Slightly) Random Broken Thoughts: Why Complex+Powerful is a bad combination for security
http://slightlyrandombrokenthoughts.blogspot.com/2010/07/why-complexpowerful-is-bad-combination.html
(Slightly) Random Broken Thoughts. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. Thursday, July 01, 2010. Why Complex+Powerful is a bad combination for security. (Or: the big, ugly mess that is Java serialization). In terms of security. I already knew many of the pitfalls, but I quickly found that secure validation while deserializing is extremely difficult. Need proof? Can't get it right, and the (Oracle/Sun) Secure Coding Guidelines. In the serialized dat...
droidsec.org
Members | droidsec.org
http://www.droidsec.org/members
Jduck, Group Founder. Web: http://qoop.org/. Quine, Sr. Research Scientist. Web: https://n0where.org/. Pof, Unicorn Consultant. Web: http://pof.eslack.org. Jacobsoo, Couch Potato. Web: http://vxsecurity.sg/ and http://xchg.info/. Jcase, Security Researcher. Web: http://cunninglogic.com/. Very opinionated mobile security researcher. 0xroot, Security Researcher. Web: http://seguesec.com/. I like to break things. Saidelike, Security Researcher. Web: http://saidsecurity.wordpress.com/. 21-year-old security r...