How it works...
As with many other cases that use of a complex technology, if it is not properly configured and implemented, it may lead to the weakening of the security posture of an application. Evaluate whether such a technology is strictly necessary or the best choice available, and if it is not, do not use it.
By hashing or generating a checksum of the outgoing object and checking that value when an object is received, the application will be able to identify when an object has been modified by the user or some entity in the middle and then discard it to prevent security risks.
Following the Security in Depth philosophy, if a serialization attack is successful and the attacker gains command execution on our server, the user under which ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access