YoVDO

Deserialization - What, How and Why Not

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Software Development Courses Java Courses Web Application Security Courses Insecure Deserialization Courses

Course Description

Overview

Explore the critical security risk of insecure deserialization in this AppSecUSA 2018 conference talk by Alexei Kojenov. Delve into the what, how, and why of deserialization vulnerabilities, recently added to OWASP's top 10 web application security risks. Understand the potential dangers of deserializing untrusted input, including data tampering, authentication bypass, privilege escalation, injections, and remote code execution. Examine real-world examples, such as vulnerabilities in Apache Commons and Apache Struts, through code demonstrations and live demos focusing on Java's native serialization. Learn preventive measures and best practices to avoid insecure deserialization vulnerabilities, applicable across various programming languages and formats. Gain insights from Kojenov's expertise as a Senior Product Security Engineer at Salesforce, covering topics like vulnerability discovery, secure coding, threat assessment, and incident response.

Syllabus

Intro
Demo
Prevent
Denial of Service
More sophisticated stuff
Remote code execution


Taught by

OWASP Foundation

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube