Java Serialisation – the gift that keeps on taking (Part 3)

In the previous post we  examine particular Java Serialisation characteristics and design points that had a few unexpected consequences.  In this post we'll explore more around exploiting serialisation datastreams.  How it's possible to compromise systems silently and in different ways: from changing data, running arbitrary code or even crashing systems.  

The post Java Serialisation – the gift that keeps on taking (Part 3) appeared first on Security Boulevard.

cybersecurity deserialization java serialization