Analysis of CVE-2019-2030: OGNL Expression Language Vulnerability


Object-Graph Navigation Language (OGNL) is an expression language for Java. It is widely used in web applications, but it also has security flaws because it can create and execute code. In this blog we discuss exploitation of this vulnerability and its detection by Prismo. […]

Detection of Vulnerabilities in Web Applications – OS Command Injection

Continuing with the detection algorithm we presented at Virus Bulletin 2019, in this post we introduce the principle of detect, respond, and remediate. If the remedial action provided by the detection algorithm is taken (fixing the vulnerable code path in this case), it increases the exploitation complexity for threat actors trying to breach an organization. […]

