YoVDO

Deserialization - What, How and Why Not

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Software Development Courses Java Courses Web Application Security Courses Insecure Deserialization Courses

Course Description

Overview

Explore the critical security risk of insecure deserialization in this AppSecUSA 2018 conference talk by Alexei Kojenov. Delve into the what, how, and why of deserialization vulnerabilities, recently added to OWASP's top 10 web application security risks. Understand the potential dangers of deserializing untrusted input, including data tampering, authentication bypass, privilege escalation, injections, and remote code execution. Examine real-world examples, such as vulnerabilities in Apache Commons and Apache Struts, through code demonstrations and live demos focusing on Java's native serialization. Learn preventive measures and best practices to avoid insecure deserialization vulnerabilities, applicable across various programming languages and formats. Gain insights from Kojenov's expertise as a Senior Product Security Engineer at Salesforce, covering topics like vulnerability discovery, secure coding, threat assessment, and incident response.

Syllabus

Intro
Demo
Prevent
Denial of Service
More sophisticated stuff
Remote code execution


Taught by

OWASP Foundation

Related Courses

Introduction to OWASP Top 10 Security Risks
A Cloud Guru
AWS SimuLearn: Cyber Security Threats
Amazon Web Services via AWS Skill Builder
AWS SimuLearn: Edge Protection
Amazon Web Services via AWS Skill Builder
Cloud Security Scanner: Qwik Start
Google via Google Cloud Skills Boost
OWASP Top 10: Broken Access Control
Codecademy