YoVDO

Attacking JSON - Vulnerabilities in Popular Parsers

Offered By: OWASP Foundation via YouTube

Tags

Application Security (AppSec) Courses Web Development Courses Cybersecurity Courses Remote Code Execution Courses Java Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security vulnerabilities in JSON parsers and other serialization formats in this 41-minute conference talk from AppSecUSA 2017. Delve into the aftermath of the 2016 Java deserialization apocalypse and examine why JSON, often recommended as a safer alternative, may still be susceptible to Remote Code Execution (RCE) attacks. Analyze popular JSON parsers in both .NET and Java, identifying potential RCE vectors and vulnerable configurations. Expand your understanding to other serialization formats, with a particular focus on .NET. Discover new vulnerable formats and learn about stable RCE gadgets in system libraries. Gain valuable insights on assessing code vulnerability, implementing remediation strategies, and exploring alternative approaches to enhance security in serialization processes.

Syllabus

Friday the 13th: Attacking JSON - Alvaro Muñoz & Oleksandr Mirosh - AppSecUSA 2017


Taught by

OWASP Foundation

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network