PHP Serialization has a fatal flaw which allows for pollution of the scope and global context of an application, as well as running arbitrary code in some scenarios if sources …
Category: Computer
I participated in the Stripe CTF Web Attacks and thus far it was the best-designed CTF I have ever encountered (and I have participated in a couple of dozen). This …
Bloating is one of the most fatal horrors that can happen to a piece of software. It is when you have a nice, working piece of software that everyone loves, and then …
While I was thinking about certain ways of summarizing CSRF prevention for the OWASP PHP Security Cheat Sheet – mixing taint tracking with different request criteria – I found a certain type of …
Qt is a rather magnificent and silent framework. Every application I tend to find amusing and well developed is based on Qt, but nobody really knows that. There’s not much …
I just finished my Bachelor’s thesis on the topic “Secure Web Application Framework”. Unfortunately, it’s in Persian, so only Persian readers can enjoy it. It’s about 200 pages, which about …
Next Monday, 21st Farvardin (Jalali), I’ll be having a speaking session at Tarbiat Moalem (aka Kharazmi) University, set up by my dearly respected professor, Dr. Ehsan Malekian. I’ll be …
This is intended to be a theoretical/practical tutorial on how to use email certificates to encrypt and digitally sign your emails. There are approximately 2 million emails transferred every hour, …
This one is intended to be an educational/tutorial post on how I hacked a Persian browser-based MMORPG known as Removed From Text and, along with it, the well …