Pieter De Cremer

Man with a long reddish beard, glasses, and bow tie wearing a dark suit jacket over a collared shirt.
About

Pieter De Cremer

Resource hub

Articles by Pieter De Cremer

more posts
Code snippet in VIM editor showing XML for company employees with names, roles, and security codes.
Blog
Filter Label
This is some text inside of a div block.

Secure Coding Technique: Processing XML data, part 1

Specifications for XML and XML schemas include multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. Even though we use XML schemas to define the security of XML documents, they can be used to perform a variety of attacks.

Learn More
Close-up of a login screen showing fields for username and password entry.
Blog
Filter Label
This is some text inside of a div block.

How-to Avoid Username Enumeration | Secure Code Warrior

Username enumeration is when hackers use brute-force attacks to get username & password info. Learn how to avoid username enumeration with Secure Code Warrior.

Learn More
Text logo 'TICKETTRICK' with a door image in the letter T and phrase about helpdesk letting hacker in.
Blog
Filter Label
This is some text inside of a div block.

Hello from the other side. Interview with a bug bounty hunter.

The bug is still out there. It isn't something that can be fixed right away. Over the past few months, I contacted dozens of companies and affected vendors as part of their bug bounty programs in order to get their setup fixed.

Learn More
Map showing hacker attacks from Italy, USA, Brazil targeting Code Snippets application in Europe.
Blog
Filter Label
This is some text inside of a div block.

How secure coding guidelines evolve

Last week I was researching vulnerabilities in Java Spring to bring our secure coding guidelines up to date.

Learn More
Secure Code Warrior screen about injection flaws in deserialization of untrusted data with Learn and Practice options.
Blog
Filter Label
This is some text inside of a div block.

The difficulty with patching deserialization vulnerabilities

The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language.

Learn More
Green Android mascot holding a sheet with a lock icon and the word Security.
Blog
Filter Label
This is some text inside of a div block.

Secure coding technique: The Custom Permission Problem

By defining custom permissions, an app can share its resources and capabilities with other apps.

Learn More
Black keyboard key with the white text 'Recover Files' on a glowing blue background.
Blog
Filter Label
This is some text inside of a div block.

Secure coding technique: Securely deleting files

Data remanence is the residual physical representation of data that has been in some way erased.

Learn More
Blue digital padlock icon overlaid on blurred programming code representing cybersecurity.
Blog
Filter Label
This is some text inside of a div block.

Android Full Device Encryption Technique | Secure Code Warrior

Android full device encryption safekeeps all of the data & writes it into storage, only seen after the device is unlocked. Learn from Secure Code Warrior.

Learn More
Person using a smartphone with one hand while wearing a pink shirt and jeans outdoors.
Blog
Filter Label
This is some text inside of a div block.

Secure coding technique: Let's talk about Tapjacking

Sometimes it is essential that an application be able to verify that an action is being performed with the full knowledge and consent of the user

Learn More
Spiral-shaped pile of various open and closed books and papers stacked in a vortex.
Blog
Filter Label
This is some text inside of a div block.

Secure coding technique: Default behavior of Zip libraries can lead to Remote Code Execution

We can inject a file into a zip whose name is prefixed with an

Learn More