Exploiting The Java Deserialization Vulnerability


In the security industry, we know that operating on untrusted inputs is a significant area of risk; and for penetration testers and attackers, a frequent source of high-impact issues. Serialization is no exception to this rule, and attacks against serialization schemes are innumerable. Unfortunately, developers enticed by the efficiency and ease of reflection-based and native serialization cont... » read more