Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Web Penetration Testing Cookbook

You're reading from   Kali Linux Web Penetration Testing Cookbook Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher Packt
ISBN-13 9781788991513
Length 404 pages
Edition 2nd Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Setting Up Kali Linux and the Testing Lab FREE CHAPTER 2. Reconnaissance 3. Using Proxies, Crawlers, and Spiders 4. Testing Authentication and Session Management 5. Cross-Site Scripting and Client-Side Attacks 6. Exploiting Injection Vulnerabilities 7. Exploiting Platform Vulnerabilities 8. Using Automated Scanners 9. Bypassing Basic Security Controls 10. Mitigation of OWASP Top 10 Vulnerabilities 11. Other Books You May Enjoy

A8 – Implementing object serialization and deserialization

Serialization is the process of transforming a data structure or object into a format that can be transmitted, in our case, within an HTTP request or response. Deserialization is the opposite process.

When an object is serialized, let's say, to a JSON string, and sent from a server to a client or vice versa, an attacker can see and understand the contents of the object and change them so that when the other end receives the serialized object and deserializes it to put it back into an object format, it interprets the changed content as executable code and executes it. This is the most common scenario of a deserialization attack.

In this recipe, we will see the measures that developers should take in order to make their applications more secure when implementing a serialization/deserialization mechanism.

...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image