<img height="1" width="1" style="display:none;" alt="" src="https://analytics.twitter.com/i/adsct?txn_id=nv7vl&amp;p_id=Twitter&amp;tw_sale_amount=0&amp;tw_order_quantity=0"> <img height="1" width="1" style="display:none;" alt="" src="//t.co/i/adsct?txn_id=nv7vl&amp;p_id=Twitter&amp;tw_sale_amount=0&amp;tw_order_quantity=0">

Web Application Security Blog

Ajin Abraham

Ajin Abraham is a Product Security Engineer with IMMUNIO having 6+ years of experience in Application Security including 3 years of Security Research. He is a frequent speaker at multiple security conferences and loves developing security tools that works. Authored Mobile Security Framework (MobSF), an automated pen-testing platform for Mobile applications and OWASP Xenotix XSS Exploit Framework, an advanced cross site scripting detection and exploitation framework which is voted as the Top 5th Security tool for two consecutive years (2013 and 2014). He regularly publishes his research at http://opensecurity.in.

Recent Posts

Will it Pwn CVE-2017-5638: Remote Code Execution in Apache Struts 2?

POSTED BY  Ajin Abraham on Mar 13, 2017
Mar 13 2017

A few days back Nike Zheng reported a Remote Code Execution vulnerability in Apache Struts2. The vulnerability exploits a bug in Jakarta's Multipart parser used by Apache Struts2 to achieve remote code execution by sending a crafted Content-Type...

Continue Reading ›

TOPICS     Vulnerabilities  RASP  Web Application Security

Automated Mobile App Security Testing with MobSF: An Overview

POSTED BY  Ajin Abraham on Sep 08, 2016
Sep 08 2016


Recently I had the opportunity to discuss automated security testing of mobile applications at OWASP’s AppSec Europe 16 conference. My presentation centered on the top challenges facing mobile app pentesters, mobile malware analysts,...

Continue Reading ›

TOPICS     AppSec Tools  RASP  Mobile App Security

Will it Pwn? CVE-2016-6316

POSTED BY  Ajin Abraham on Sep 01, 2016
Sep 01 2016

Rails is again affected by a major CVE, a potential cross-site scripting vulnerability (XSS) arising from a flaw in Rails’ ActionView component. The ID of the newly-identified CVE is CVE-2016-6316.

Continue Reading ›

TOPICS     AppSec Tools  RASP  Web Application Security  Ruby on Rails

Zero False Positive XSS Detection

POSTED BY  Ajin Abraham on Dec 15, 2015
Dec 15 2015

XSS or Cross Site Scripting is a code injection vulnerability that existed from the time when javascript was created. This class of vulnerability still exists in various forms like Reflected, Stored, DOM, mXSS, rPO and is found in most of the...

Continue Reading ›

TOPICS     Vulnerabilities