Aleksei Tiurin, Senior Security Researcher at Acunetix, joins Paul’s Security Weekly to talk us through “Insecure Deserialization in JAVA/JVM”!

Since the initial extensive research in 2015, insecure deserialization has been a very hot topic in the Java world. Deserialization vulnerabilities keep turning up in various software, and new exploitation techniques show up regularly. Eventually, “Insecure Deserialization” made it onto the OWASP Top 10 – 2017 list.

In this tech segment, Aleksei talks about the technical reasons behind the existence of deserialization flaws and how to tell whether a (de)serialization library is potentially vulnerable. Aleksei also shows how to detect these vulnerabilities and gives some examples of exploitation.

Watch the clip below to find out more.

THE AUTHOR
Tamara Naudi
Marketing Manager
Tamara started off her career with Acunetix in 2005. Since then she has witnessed the company grow into a leader in the web security sphere.