People don't talk about parser mismatch vulnerabilities enough, and I'm not sure how many people even know what they are. Which is sad, because they're one of my favorites to exploit when I find them, and they can be super nasty to fix.

So here, have a blog post:

Second part is up: What to actually do about parser mismatch vulnerabilities!

I'd be especially curious to hear if people can think of any approaches other than the ones I listed and discussed.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.