JSON Deserialization Exploitation - OWASP
RCE by Design
OWASP Stammtisch Dresden - JSON Deserialization - 10.08.2018
Contents
1. Introduction
2. Basics
3. Exploitation
4. Summary / Further Research
Introduction
DefCon 2017: "Friday the 13th: JSON Attacks" [1]. The slides quite rightly point out that 2016 was the "year of the Java deserialization apocalypse". In the age of RESTful APIs and microservice architectures, the transmission of objects shifts to a JSON- or XML-serialized form. Is the use of JSON or XML any more secure?
Moritz Bechler published a paper on deserialization vulnerabilities, focused on Java JSON and XML libraries [5].
.NET serialization libraries are affected as well [6]. The OWASP Top 10 2017 RC2 [7] ranked insecure deserialization in eighth place.