Software Integrity Blog

Author Archive

Christopher Fearon


Focusing on delivering maximum security & customer value, Christopher is dedicated to redefining Open Source Software vulnerability disclosure & management processes. With multiple years of experience in large financial and private sector security roles, Christopher has developed both security leadership and expertise in the areas of application security, incident response & strategic research planning, including the adoption and effective implementation of Open Source software.


Posts by Christopher Fearon:

 

Apache Struts research at scale, Part 3: Exploitation

During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).


Posted in Software Security Research

 

Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.


Posted in Software Security Research

 

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.


Posted in Software Security Research

 

Examining Apache Struts remote code execution vulnerabilities

Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.


Posted in Data Breach Security, Open Source Security, Software Architecture & Design