Home / Linux / Paul’s Security weekly Episode: Insecure Deserialization in Java/ JVM

Paul’s Security weekly Episode: Insecure Deserialization in Java/ JVM

Aleksei Tiurin, Senior Security Researcher at Acunetix, joins Paul’s Security Weekly to talk us through “Insecure Deserialization in JAVA/JVM”!

After initial extensive research in 2015, Insecure Deserialization has been a very hot topic in the Java-world. More and more deserialization vulnerabilities are found again and again in various software with new techniques of exploitation showing up regularly. Eventually, “Insecure Deserialization” made it to the  OWASP Top 10 – 2017 list.

In this tech segment Aleksei talks about the technical reasons behind the existence of deserialization flaws and how to understand if a (de)serialization library is potentially vulnerable. Alexei, also shows how to detect these vulnerabilities as well as giving some examples of exploitation.

Watch the clip below to find out more



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

Hack Naked News Episode: British Airways and NewEgg Hacks

Application Security Weekly: Reverse Proxies Using Weblogic, Tomcat, and Nginx

Posted on January 15, 2019 by Tamara Naudi Aleksei Tiurin, Senior ...