Yahoo India Web Search

Sign In

Search results

  1. portswigger.net › web-security › deserializationInsecure deserialization | Web Security Academy - PortSwigger

    Insecure deserialization is when user-controllable data is deserialized by a website. This potentially enables an attacker to manipulate serialized objects in order to pass harmful data into the application code. It is even possible to replace a serialized object with an object of an entirely different class.

  2. cheatsheetseries.owasp.org › cheatsheets › Deserialization_Cheat_SheetDeserialization - OWASP Cheat Sheet Series

    Introduction. This article is focused on providing clear, actionable guidance for safely deserializing untrusted data in your applications. What is Deserialization. Serialization is the process of turning some object into a data format that can be restored later.

  3. www.acunetix.com › blog › articlesWhat is Insecure Deserialization? | Acunetix

    Dec 7, 2017 · Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top 10 2017 list.

  4. owasp.org › www-project-top-ten › 2017OWASP Top Ten 2017 | A8:2017-Insecure Deserialization - OWASP...

    It is expected that prevalence data for deserialization flaws will increase as tooling is developed to help identify and address it. The impact of deserialization flaws cannot be overstated. These flaws can lead to remote code execution attacks, one of the most serious attacks possible.

  5. portswigger.net › web-security › deserializationExploiting insecure deserialization vulnerabilities | Web...

    Exploiting insecure deserialization vulnerabilities. In this section, we'll teach you how to exploit some common scenarios using examples from PHP, Ruby, and Java deserialization. We hope to demonstrate how exploiting insecure deserialization is actually much easier than many people believe.

  6. learn.snyk.io › lesson › insecure-deserializationInsecure Deserialization | Tutorials & Examples | Snyk Learn

    Deserialization is the opposite process, converting byte stream into application data. Insecure deserialization is a vulnerability that occurs when attacker-controlled data is deserialized by the server. In the worst case, it can lead to remote code execution.

  7. snynr.medium.com › understanding-insecure-deserialization-risks-and-mitigationsUnderstanding Insecure Deserialization: Risks and Mitigations

    May 23, 2024 · Insecure deserialization is a security vulnerability that occurs when untrusted data is used to abuse the logic of an application by manipulating serialized objects. This can lead...

  8. www.techtarget.com › searchsecurity › definitionWhat is insecure deserialization? | Definition from TechTarget

    Insecure deserialization is a vulnerability in which untrusted or unknown data is used to inflict a denial-of-service attack, execute code, bypass authentication or otherwise abuse the logic behind an application. Serialization is the process that converts an object to a format that can later be restored.

  9. hackerwhite.com › vulnerability101 › web-applicationInsecure Deserialization Vulnerability: Understanding &...

    Insecure Deserialization is a vulnerability that can pose significant risks to web applications and their users. It occurs when an application deserializes untrusted data without proper validation, allowing attackers to execute malicious code or perform unauthorized actions.

  10. blog.certcube.com › insecure-deserialization-foundationsInsecure Deserialization Foundations

    May 13, 2024 · Insecure deserialization is when user-controllable data is deserialized by a website. This potentially enables an attacker to manipulate serialized objects in order to pass harmful data into the application code. It is even possible to replace a serialized object with an object of an entirely different class.