November 2019
Beginner
550 pages
13h 14m
English
Serialization is the process of converting an object into a smaller byte size to either transmit or store the object in a file, database, or even memory. This process allows the object to maintain its state in order to be assembled/recreated when needed. However, the opposite of serialization is called deserialization. This is the process of recreating an object from the stream of data (bytes) into its original form.
Insecure deserialization happens when untrusted data is used to abuse the logic of an application, create a denial-of-service attack, or execute malicious code on the web application/page/server. In an insecure deserialization attack, the attacker can execute remote code on the target web server.
Read now
Unlock full access