JSON Deserialization Exploitation - OWASP
RCE by Design
OWASP Stammtisch Dresden | JSON Deserialization | 10.08.2018
Contents
1. Introduction
2. Basics
3. Exploitation
4. Summary / Further Research
Introduction
- DefCon 2017: "Friday the 13th: JSON Attacks" [1]
- Slides quite rightly point out: 2016 was the "year of Java Deserialization apocalypse"
- In the age of RESTful APIs and microservice architecture, the transmission of objects shifts to a JSON or XML serialized form
- Usage of JSON or XML more secure?
- Moritz Bechler published a paper about deserialization vulnerabilities (focused on Java JSON and XML) [5]
- .NET serialization libraries are affected as well [6]
- OWASP Top 10 2017 RC2 [7] ranked insecure deserialization in eighth place