Christian Schneider
258 followers
Software Developer, Whitehat Hacker & Trainer

Christian's posts

Extended version of the #SecDevOps talk (covering more axes) held last week at Ruhr-Universität Bochum as part of #HackPra

Talk at #OWASP AppSecEU 2015 in Amsterdam about #SecDevOps

This is a short writeup about my SOP (Same-Origin Policy) bypass with SVG images I've found in Chrome, so that other security researchers can benefit from it.

Some #LiveHacking ahead this Thursday in Munich... Looking forward to my talk and #WebSecurity demos at W-JAX 2014 developer conference ;)

In this article I present some thoughts about generic detection of XML eXternal Entity (XXE) vulnerabilities during manual pentests supplemented with some level of automated tests. The ideas in this blog post can easily be transformed into a generic approach to fit into web vulnerability scanners and their extensions.

This is done by demonstrating an example of where service endpoints that are used in a non-XML fashion can eventually be accessed with XML as input format too, opening the attack surface for XXE attacks.

See you in Cambridge at the #OWASP #AppSecEU conference in June! Looking forward to giving a "Java Web Hacking & Hardening" training session there...