This February, we ran a Find Security Bugs scan on over at least one hundred components from the Spring Framework, including the core components (spring-core, spring-mvc) but also optional components (spring-data, spring-social, spring-oauth, etc.). From this...
This small article is an opinion piece to explain why we find the Kotlin language interesting. Its benefits applied to Burp extension development. Security professionals might not be aware of Kotlin. However, it is becoming a trending language in the Android...
At the moment, Java deserialization vulnerabilities are becoming well known by vendors and attackers. Nevertheless, pentesters will still encounter these types of vulnerabilities. The low-hanging fruits can be identified with the current tools. Most of the available...
Last week, a new version of Find Security Bugs (FSB), a FindBugs extension was released. In this post, we will present the most recent improvements and some project announcements. Find Security Bugs FSB is a plugin for the FindBugs static code analysis tool. It...