Why We Hate Java Serialization and What We're Doing About It
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the controversial topic of Java Serialization in this 53-minute Devoxx conference talk by Brian Goetz and Stuart Marks. Delve into the historical context of Java Serialization, its intended purposes, and why it has become one of the most criticized features of Java. Examine the fundamental design flaws that have led to numerous bugs and security vulnerabilities in Java applications, libraries, and the JDK itself. Learn about the costs and challenges associated with serialization that cannot be ignored, even in code that doesn't explicitly use it. Discover potential new mechanisms being explored to replace the current Java Serialization, focusing on better integration with the language model and explicit source code representation. Gain insights into the future direction of serialization in Java, including efforts to enhance verifiability, reasoning, and security. Follow along as the speakers analyze specific examples of JDK bugs caused by serialization design decisions and discuss the long road ahead for improving this critical aspect of the Java platform.
Syllabus
Intro
Everyone hates serialization
What's with all the hate?
The benefits...
and the costs
Serialization mechanics
Casualty: thread safety
Casualty: initialization mechanics
Casualty: confinement
Effective Java, Item 88
Special bonus attack: finalization
Serialization scorecard
Lessons
Why not "just" use JSON?
A language designer looks at serialization
The root problems
Banishing the magic
Deserialization is construction
Digression: pattern matching
Serialization is deconstruction
Versioning
Access control
Towards better serialization
The bad news
The long road ahead
Summary
Taught by
Devoxx