Marshalling Pickles - How Deserializing Objects Can Ruin Your Day

Explore the dangers of object deserialization in this comprehensive conference talk from OWASP AppSec California 2015. Delve into historical and modern vulnerabilities across Python, Ruby, and Java, learning how attackers can exploit these issues to achieve code execution. Discover strategies to protect applications from serialization-based attacks. Gain insights from Chris Frohoff and Gabriel Lawrence, experienced cybersecurity professionals from Qualcomm, as they share their expertise on application security, penetration testing, and incident response. Understand the risks associated with deserializing objects from untrusted data and learn how to safeguard your applications against these threats.