
May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
701 Vulnerability Research Lab
  • May 6th (Thu)
  • 15:45 - 16:15
  • 7F 701H

Brief Analysis of Insecure Deserialization with CVE cases

The Insecure Deserialization issue in the OWASP Top 10 is usually viewed as a security-researcher-only domain.

By leveraging a few simple programs and 2 CVE cases, the speaker will lead the audience through the root cause of this issue and how it can be exploited.

The audience will come away with a better understanding of this mysterious issue and the magic of information security.

In this talk, the speaker will use both Python and Java as example languages to explain the idea of insecure deserialization.

He will use simple code to demonstrate how insecure deserialization can happen and how it can be exploited by an attacker.

At the end of the talk, he will reproduce the CVE cases to demonstrate what happened in the real world.

Application Security Testing, Exploit of Vulnerability, Penetration Testing
Peter Chi

Staff Software Engineer, IBM

IBM CDL Software Engineer

Master of Science (Computer Security), Columbia Univ. 

OSCP, OSCE, eWPT, eWPTX certified

Security Enthusiast