Projects. Prominent research projects and open-source software.

*** This Page Is Outdated *** Please refer to Doyensec's Research Page for the list of projects I've worked on in recent years.

SerialKiller Logo


Java deserialization vulnerabilities have recently gained popularity due to a renewed interest from the security community. Despite being publicly discussed for several years, a significant number of Java based products are still affected. In the wake of recent security advisories, I've created a library that can be used to protect J2EE applications. SerialKiller is an easy-to-use look-ahead Java deserialization library; it inspects Java classes during naming resolution and allows a combination of blacklisting/whitelisting to secure applications.

Parrot NG Logo

Parrot NG

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461. It is implemented in Java, and can be used as stand-alone software or Burp Pro passive scanner plugin. Thanks to this tool, me and Mauro Gentile were able to conduct a large scale analysis on popular websites, resulting in the identification of numerous Alexa Top 50 sites vulnerable to this Same Origin Policy bypass.

Blazer Logo

AMF Blazer

Blazer is a custom Flash AMF messages generator with fuzzing capabilities, developed as a Burp Suite plugin. Blazer implements a new testing approach, introduced at Black Hat USA 2012, that allows researchers to improve coverage during AMF testing. It is designed to make AMF testing easy, and yet allow full control over the entire security testing process.

HPP Logo

HTTP Parameter Pollution

In 2009, me and Stefano Di Paola presented a new class of vulnerabilities named HTTP Parameter Pollution (HPP) which affects both server and client components. Supplying multiple occurences of the same HTTP parameter may cause an application to interpret values in unexpected ways, leading to numerous critical flaws.

BlueBag Logo


From May 2006 to May 2007, together with Claudio Merloni, we developed a covert bluetooth attack and infection device: the BlueBag. Hidden in a traditional (blue) suitcase, a relatively complex mix of hardware and software made it possible to study weaknesses and possible attacks against bluetooth-enabled devices.


Java.String Eclipse Checker

During my last two years at the Politecnico of Milano university, I designed and implemented a pioneeristic static analysis methodology for J2EE applications. The core engine was implemented as an Eclipse plugin: Java.String Eclipse Checker (JSEC). The tool is capable of detecting software vulnerabilities (mainly XSS, SQL Injection) in modern Java web applications.