GitHub

OWASP Benchmark for Java

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by ...
GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...
USENIX

Java Call Stack

Figure 9: The stack layout. Each stack slot is labelled twice, for its role in the two overlapping frames. The slot marked `` (empty)'' is the portion of the operand stack space which does not ...