hero bg no divider

Pieter De Cremer

""

Quotes

Application Security Researcher - R&D Engineer - PhD Candidate

Resource hub

Articles by Pieter De Cremer

More posts
Blog

Secure Coding Technique: Processing XML data, part 1

Specifications for XML and XML schemas include multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. Even though we use XML schemas to define the security of XML documents, they can be used to perform a variety of attacks.

Dec 10, 2017
Blog

How-to Avoid Username Enumeration | Secure Code Warrior

Username enumeration is when hackers use brute-force attacks to get username & password info. Learn how to avoid username enumeration with Secure Code Warrior.

Oct 9, 2017
Blog

Hello from the other side. Interview with a bug bounty hunter.

The bug is still out there. It isn't something that can be fixed right away. Over the past few months, I contacted dozens of companies and affected vendors as part of their bug bounty programs in order to get their setup fixed.

Sep 27, 2017
Blog

How secure coding guidelines evolve

Last week I was researching vulnerabilities in Java Spring to bring our secure coding guidelines up to date.

Sep 15, 2017
Blog

The difficulty with patching deserialization vulnerabilities

The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language.

Sep 11, 2017
Blog

Secure coding technique: The Custom Permission Problem

By defining custom permissions, an app can share its resources and capabilities with other apps.

Oct 25, 2017
Blog

Secure coding technique: Securely deleting files

Data remanence is the residual physical representation of data that has been in some way erased.

Sep 10, 2017
Blog

Android Full Device Encryption Technique | Secure Code Warrior

Android full device encryption safekeeps all of the data & writes it into storage, only seen after the device is unlocked. Learn from Secure Code Warrior.

Nov 2, 2017
Blog

Secure coding technique: Let's talk about Tapjacking

Sometimes it is essential that an application be able to verify that an action is being performed with the full knowledge and consent of the user

Oct 31, 2017
Blog

Secure coding technique: Default behavior of Zip libraries can lead to Remote Code Execution

We can inject a file into a zip whose name is prefixed with an

Nov 13, 2017