Java Serialization Filtering - Prevent 0-day Security Vulnerabilities

I’ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM. In the world of C, we could just write a struct into a file but this was always problematic. It wasn’t portable and had many issues. But for Java we could just write the class and it “worked”. This was pure magic!

Java was still mostly in use in the client side and when we thought about security, we …

class client concept developer file java magic portable productivity security serialization tutorial vulnerabilities world