- crossdomain.xml : Beware of Wildcards http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html 9 comments netsec
- XXE vulnerability on RunKeeper http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html 7 comments netsec
- Beyond xss: ESAPI : When authenticated encryption goes wrong http://blog.h3xstream.com/2013/08/esapi-when-authenticated-encryption.html 3 comments netsec