Explore a comprehensive analysis of deserialization attacks in this 35-minute conference talk from AppSecUSA 2016. Delve into the commonalities between various deserialization vulnerabilities and learn a step-by-step approach to identifying and exploiting them. Examine an originally authored exploit for a recently discovered CVE and understand the challenges of using traditional application security defenses against these threats. Discover free and open-source options for protecting against deserialization attacks. Benefit from the expertise of Arshan Dabirsiaghi, Chief Scientist at Contrast Security, as he shares insights from his extensive experience in application security research and advising large organizations.
How to Find the Next Great Deserialization CVE - AppSecUSA 2016
Overview
Syllabus
Arshan Dabirsiaghi - How To Find The Next Great Deserialization CVE - AppSecUSA 2016
Taught by
OWASP Foundation
Related Courses
-
Exploiting and Securing Vulnerabilities in Java Applications
-
The Hunt for CVE-2023-0286 - Replicating OpenSSL's Latest Vulnerability
-
Fixing the Unfixable: Solving Pervasive Vulnerabilities with RASP
-
Custom Java Deserialization Exploit - Serial Snyker
-
Automated Gadget Chain Discovery for Deserialization Vulnerability Remediation
-
CVE-2021-44228 - Log4j - Minecraft Vulnerable and So Much More
