JSON Deserialization Exploitation - OWASP
RCE by Design
OWASP Stammtisch Dresden - JSON Deserialization | 10.08.2018
Contents
1. Introduction
2. Basics
3. Exploitation
4. Summary / Further Research
Introduction
- DefCon 2017: "Friday the 13th: JSON Attacks" [1]
- Slides quite rightly point out: 2016 was the "year of Java Deserialization apocalypse"
- In the age of RESTful APIs and microservice architecture, the transmission of objects shifts to a JSON or XML serialized form
- Usage of JSON or XML more secure?
- Moritz Bechler published a paper about deserialization vulnerabilities (focused on Java JSON and XML) [5]
- .NET serialization libraries are affected as well [6]
- OWASP Top 10 2017 RC2 [7] ranked insecure deserialization in eighth place