Explore the critical security vulnerabilities associated with deserialization in Java through this informative 48-minute conference talk from Devoxx. Delve into why hackers consider Java deserialization "the gift that keeps on giving" and understand how these vulnerabilities extend beyond Java's custom serialization framework to include JSON, XML, and YAML deserialization. Learn about the mechanics of deserialization vulnerabilities in Java, the creation of attack chains, and the recent Log4j deserialization issues. Through various demonstrations, gain insights into different security problems that can arise during data deserialization. Discover mitigation strategies to protect your applications, including new features in Java 17. By the end of this talk, acquire a comprehensive understanding of deserialization vulnerabilities and actionable knowledge to enhance the security of your Java code.
Deserialization Exploits in Java - Why Should I Care?
Overview
Syllabus
Deserialization exploits in Java: why should I care? by Brian Vermeer
Taught by
Devoxx
Related Courses
-
Remote Code Execution via Java Native Deserialization
-
Pwning Your Java Messaging With Deserialization Vulnerabilities
-
Wargames - Java Vulnerabilities and Why You Should Care
-
The Anatomy of Java Vulnerabilities
-
ODDFuzz - Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing
-
Wargames - Java Vulnerabilities and Why You Should Care
