Deserialization vulnerabilities
Table of Contents
Serialization (marshaling)
Deserialization (unmarshaling)
Programming languages that support serialization
Risks of using serialization
Serialization in Java
Deserialization vulnerability in Java
How the code flow works
Vulnerability Detection
CVE
Tools
Vulnerable libraries lead to RCE
Mitigation
Serialization in Python
Deserialization vulnerability in Python
Pickle instructions
Exploit vulnerability
CVE
Mitigation
Serialization in PHP
Deserialization vulnerability in PHP
Exploit vulnerability
CVE
Mitigation
Serialization in Ruby
Deserialization vulnerability in Ruby
Detect and exploit vulnerability
CVE
Tools
Mitigation
Conclusion