Attacking JSON - Vulnerabilities in Popular Parsers
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the security vulnerabilities in JSON parsers and other serialization formats in this 41-minute conference talk from AppSecUSA 2017. Delve into the aftermath of the 2016 Java deserialization apocalypse and examine why JSON, often recommended as a safer alternative, may still be susceptible to Remote Code Execution (RCE) attacks. Analyze popular JSON parsers in both .NET and Java, identifying potential RCE vectors and vulnerable configurations. Expand your understanding to other serialization formats, with a particular focus on .NET. Discover new vulnerable formats and learn about stable RCE gadgets in system libraries. Gain valuable insights on assessing code vulnerability, implementing remediation strategies, and exploring alternative approaches to enhance security in serialization processes.
Syllabus
Friday the 13th: Attacking JSON - Alvaro Muñoz & Oleksandr Mirosh - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
Software as a ServiceUniversity of California, Berkeley via Coursera Intro to Computer Science
University of Virginia via Udacity Web Development
Udacity Software Engineering for SaaS
University of California, Berkeley via Coursera CS50's Introduction to Computer Science
Harvard University via edX