AppSec Tales XXIV | Deserialization

Karol Mazurek
5 min read · Dec 13, 2023

Application Security Testing for Insecure Deserialization vulnerabilities.

INTRODUCTION

The article explains how to test for Insecure Deserialization vulnerabilities when a website deserializes user-supplied data.

Serialization (marshalling or pickling) converts complex data structures, such as objects and their fields, into a “flatter” format…
