Deserialization - What, How and Why Not
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the critical security risk of insecure deserialization in this AppSecUSA 2018 conference talk by Alexei Kojenov. Delve into the what, how, and why of deserialization vulnerabilities, recently added to OWASP's top 10 web application security risks. Understand the potential dangers of deserializing untrusted input, including data tampering, authentication bypass, privilege escalation, injections, and remote code execution. Examine real-world examples, such as vulnerabilities in Apache Commons and Apache Struts, through code demonstrations and live demos focusing on Java's native serialization. Learn preventive measures and best practices to avoid insecure deserialization vulnerabilities, applicable across various programming languages and formats. Gain insights from Kojenov's expertise as a Senior Product Security Engineer at Salesforce, covering topics like vulnerability discovery, secure coding, threat assessment, and incident response.
Syllabus
Intro
Demo
Prevent
Denial of Service
More sophisticated stuff
Remote code execution
Taught by
OWASP Foundation
Related Courses
Introduction to OWASP Top 10 Security RisksA Cloud Guru AWS SimuLearn: Cyber Security Threats
Amazon Web Services via AWS Skill Builder AWS SimuLearn: Edge Protection
Amazon Web Services via AWS Skill Builder Cloud Security Scanner: Qwik Start
Google via Google Cloud Skills Boost OWASP Top 10: Broken Access Control
Codecademy