Web: http://arxiv.org/abs/2303.07593

March 15, 2023, 1:10 a.m. | Sicong Cao, Xiaobing Sun, Xiaoxue Wu, Lili Bo, Bin Li, Rongxin Wu, Wei Liu, Biao He, Yu Ouyang, Jiajia Li

cs.CR updates on arXiv.org arxiv.org

Java (de)serialization is prone to causing security-critical vulnerabilities
that attackers can invoke existing methods (gadgets) on the application's
classpath to construct a gadget chain to perform malicious behaviors. Several
techniques have been proposed to statically identify suspicious gadget chains
and dynamically generate injection objects for fuzzing. However, due to their
incomplete support for dynamic program features (e.g., Java runtime
polymorphism) and ineffective injection object generation for fuzzing, the
existing techniques are still far from satisfactory.

In this paper, we first …

deserialization gadget java java deserialization mining object

More from arxiv.org / cs.CR updates on arXiv.org

Product Security Architect / Red Team PenTester for AUTOSAR (m/w/d)

@ Bosch Group | Stuttgart, Germany

Cloud Security Engineer - 100% US REMOTE

@ Experian | Allen, TX, United States

System Security Analyst

@ Ashburn Consulting | Baltimore, MD, United States

Senior Advisor, Cyber

@ NielsenIQ | Chicago, IL, United States

Junior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece

IT and process Control Security Architect

@ Statkraft | Oslo, Norway

Data Scientist, Sr. Consultant - Cybersecurity AI Research & Products

@ Visa | Ashburn, VA, United States

Senior Platform Security Engineer

@ Block | Melbourne, Australia

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

Cybersecurity Analyst

@ Visa | Bengaluru, India

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States