Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Deserialization Exploits in Java - Why Should I Care?

Devoxx via YouTube

Overview

Explore the critical security vulnerabilities associated with deserialization in Java through this informative 48-minute conference talk from Devoxx. Delve into why hackers consider Java deserialization "the gift that keeps on giving" and understand how these vulnerabilities extend beyond Java's custom serialization framework to include JSON, XML, and YAML deserialization. Learn about the mechanics of deserialization vulnerabilities in Java, the creation of attack chains, and the recent Log4j deserialization issues. Through various demonstrations, gain insights into different security problems that can arise during data deserialization. Discover mitigation strategies to protect your applications, including new features in Java 17. By the end of this talk, acquire a comprehensive understanding of deserialization vulnerabilities and actionable knowledge to enhance the security of your Java code.

Syllabus

Deserialization exploits in Java: why should I care? by Brian Vermeer

Taught by

Devoxx

Reviews

Start your review of Deserialization Exploits in Java - Why Should I Care?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.