Exploiting and Preventing Deserialization Vulnerabilities
Wesley Wineberg
OWASP Vancouver 2020
Introduction

Wesley Wineberg

- 12 years in computer security - Synack, Microsoft Red Team, etc.
- Offensive security
- Vansec regular
- First time at OWASP!
Serialization 101

Data Serialization

- Serialization is a way to record structured data
- Usually you are taking an "object" from an application and writing it to a file or to the network
- Example: converting an object record into JSON
  - Object: Name: John, ID: 53
  - JSON: {"Name":"John", "ID":53}
Deserialization 101

- Deserialization is the same but in reverse
- Taking a written set of data and reading it into an object
- There are "deserialization" vulnerabilities, not "serialization" vulnerabilities, because objects in memory are usually safe to serialize. Users, however, can provide malicious data for deserialization.
- Think of counterfeit money
  - The Mint / banks give you real money
  - People try to give banks fake money
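An added example (not from the talk) of both directions in Python: the Name/ID record from the slides is serialized to JSON, and JSON that may have come from a user is checked for exact shape and types before any object is built from it. The `Person` class, the `EXPECTED` allowlist and the size limit are my assumptions.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    name: str
    id: int


def serialize(p: Person) -> str:
    """Object -> JSON text. The data came from our own memory, so this direction is safe."""
    return json.dumps({"Name": p.name, "ID": p.id})


class DeserializationError(ValueError):
    """Raised for any input that does not match the expected record exactly."""


# Allowlist of fields and their exact types (hypothetical schema for the example).
EXPECTED = {"Name": str, "ID": int}


def deserialize(text: str, max_len: int = 4096) -> Person:
    """JSON text -> Person, treating the text as attacker-controlled.

    Only a flat object with exactly the expected keys and exact types is accepted;
    extra keys, wrong types, nesting and malformed JSON are rejected before an
    object is constructed.
    """
    if len(text) > max_len:
        raise DeserializationError("input too large")
    try:
        data = json.loads(text)
    except json.JSONDecodeError as e:
        raise DeserializationError(f"malformed JSON: {e}") from None
    if not isinstance(data, dict) or set(data) != set(EXPECTED):
        raise DeserializationError("unexpected shape or keys")
    for key, typ in EXPECTED.items():
        value = data[key]
        # bool is a subclass of int in Python, so true/false must be rejected explicitly
        if isinstance(value, bool) or not isinstance(value, typ):
            raise DeserializationError(f"field {key!r} has wrong type")
    if data["ID"] < 0:
        raise DeserializationError("ID must be non-negative")
    return Person(name=data["Name"], id=data["ID"])


def try_deserialize(text: str):
    """Convenience wrapper: returns a Person, or None if the input was rejected."""
    try:
        return deserialize(text)
    except DeserializationError:
        return None
```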