In this page, I'll link findings I never got around to write a full blog about.

-
Product
Summary
Link
Golang
CVE-2019-14809 - Hostname spoofing via crafted URLs
SameTime, MSN Messenger, Yahoo Messenger
Slides from the presentation I gave at OWASP 2015
Chrome XSS Auditor
Bypass through HTTP Parameter Pollution (2012)