GoSecure Blog

FindSecBugs officially an OWASP project

Over the years, Find Security Bugs - or FindSecBugs in short - has evolved from a limited static-analysis tool to a tool with a solid coverage of bug patterns. In this post, we will present the latest milestone from the project: arrival in the OWASP family, some number and details regarding its new release.

Read More

Topics: code review, static analysis, java, owasp

Java Remote Code Execution Potpourri

Some time ago; we published a blog about jenkins-fsb, a preconfigured Jenkins instance for efficiently using the plug-in, Find Security Bugs. In that blog post, there was an indication about multiple vulnerabilities having been found but not disclosed. Well, today we are sharing more details about the process of finding four different kinds of remote code execution in modern Java applications. Remote execution in Java can happen under different circumstances and all the findings presented here are all different from one another. This shows that while some code execution vulnerabilities are easy to detect, some of them require a thorough inspection.

Read More

Topics: code review, vulnerability, web, java

Subscribe to Email Updates

Recent Posts