JSON Deserialization Exploitation - OWASP

JSON Deserialization Exploitation

RCE by Design

1 | OWASP Stammtisch Dresden - JSON Deserialization | 10.08.2018

Contents

1. Introduction
2. Basics
3. Exploitation
4. Summary / Further Research


Introduction

DefCon 2017: "Friday the 13th: JSON Attacks" [1]

The slides quite rightly point out that 2016 was the "year of the Java Deserialization apocalypse".

In the age of RESTful APIs and microservice architecture, the transmission of objects shifts to a JSON or XML serialized form.

Is the use of JSON or XML any more secure?


Introduction

Moritz Bechler published a paper on deserialization vulnerabilities, focused on Java JSON and XML libraries [5].

.NET serialization libraries are affected as well [6].

OWASP Top 10 2017 RC2 [7] ranked insecure deserialization in eighth place.

