Day 18 of 30 Days — 30 Vulnerabilities | Insecure Deserialization
Day 18: Mastering Insecure Deserialization Vulnerability — Essential Tricks & Techniques Based on Personal Experience and Valuable POCs
[In collaboration with Abhijeet Kumawat (LinkedIn | Twitter)]
Hey geeks, it4chis3c (Twitter) here with one more write-up on tricks & tips to detect Insecure Deserialization vulnerabilities.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
First of all, you must understand the serialization and deserialization processes in programming to grasp the mechanics behind Insecure Deserialization vulnerabilities. What follows is not an in-depth treatment, only the essentials you should be exposed to before hunting for Insecure Deserialization. If you already know these concepts, you can skip directly to the “Where to Detect” section.
How Do Serialization & Deserialization Work?
Serialization and deserialization are processes used in programming to convert data structures or objects into a format that can be stored, transmitted, and reconstructed later.
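As an added example (not part of the original write-up), here is the store-and-reconstruct round trip in Python's pickle format, paired with the control that makes deserialization of untrusted bytes safe: a loader that only reconstructs allow-listed types and refuses every other class reference before an object is built. The `SessionToken` class and the allow list contents are constructed for this illustration.

```python
import datetime
import io
import pickle

# Only the types the application expects to reconstruct. Any other global
# referenced in the stream (arbitrary classes, functions, builtins) is
# rejected before it is resolved. Entries here are constructed for the example.
ALLOWED_GLOBALS = {
    ("datetime", "date"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allow list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load {module}.{name}: not on the allow list"
        )


def serialize(obj):
    """Serialize an object into bytes for storage or transmission."""
    return pickle.dumps(obj, protocol=4)


def deserialize_untrusted(data):
    """Deserialize bytes that may have come from an untrusted source."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class SessionToken:
    """Constructed application class that the loader does NOT allow-list."""

    def __init__(self, user):
        self.user = user


def roundtrip_result():
    # Plain data plus an allow-listed type: serialized and reconstructed.
    record = {"user": "alice", "roles": ["viewer"], "joined": datetime.date(2024, 1, 2)}
    return deserialize_untrusted(serialize(record))


def rejects_unknown_class():
    # The stream references SessionToken's module and class name; find_class
    # refuses it, so the object is never instantiated.
    try:
        deserialize_untrusted(serialize(SessionToken("bob")))
        return False
    except pickle.UnpicklingError:
        return True
```

Built-in containers and scalars need no class lookup, so the allow list only has to name the few application types the format legitimately carries.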
Serialization:
- Definition: Serialization is the process of converting an object’s state (including its data and sometimes…