August 2018
Intermediate to advanced
404 pages
10h 22m
English
Serialization is the process of transforming a data structure or object into a format that can be transmitted, in our case, within an HTTP request or response. Deserialization is the opposite process.
When an object is serialized, let's say, to a JSON string, and sent from a server to a client or vice versa, an attacker can see and understand the contents of the object and change them so that when the other end receives the serialized object and deserializes it to put it back into an object format, it interprets the changed content as executable code and executes it. This is the most common scenario of a deserialization attack.
In this recipe, we will see the measures that developers ...
Read now
Unlock full access