Insecure deserialization, one of the OWASP Top 10 issues, is usually viewed as a domain reserved for security researchers.
Using a few simple programs and two CVE cases, the speaker will lead the audience into the root cause of this issue and how it can be exploited.
After this talk, the audience should better understand this mysterious issue and the magic of information security.
In this talk, the speaker will use both Python and Java as example languages to explain the idea of insecure deserialization.
He will use simple code to demonstrate how insecure deserialization can happen and how it can be exploited by an attacker.
At the end of the talk, he will reproduce CVE cases to demonstrate what happened in the real world.
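As an added illustration of the Python side of the root cause (this is editor-supplied example code, not the speaker's material), the snippet below shows that a pickle stream, not the receiving program, decides which callable runs during loading, and contrasts plain `pickle.loads` with an unpickler that allow-lists the globals it will resolve. All names here (`record_call`, `CallsFunctionOnLoad`, `RestrictedUnpickler`) and the sample payloads are constructed for the example.

```python
import io
import pickle
from collections import OrderedDict

# Constructed sample: the plain data object the application expects to receive.
EXPECTED_OBJECT = {"user": "alice", "roles": ["reader"]}

CALLS = []  # records every invocation of record_call, so we can see that code ran


def record_call(tag="unpickle"):
    """Harmless stand-in for 'any function the attacker names in the stream'."""
    CALLS.append(tag)
    return f"called:{tag}"


class CallsFunctionOnLoad:
    """Root cause: an object may tell pickle to rebuild it by calling a function.
    The stream carries (callable, args); the loader resolves and calls them."""

    def __reduce__(self):
        return (record_call, ("from-untrusted-bytes",))


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation: only resolve globals on an explicit allow-list.
    The expected payload (dicts, lists, strings) needs no global lookups at all;
    OrderedDict is listed only to show the shape of a deliberate extension."""

    ALLOWED = frozenset({("collections", "OrderedDict")})

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def make_trusted_payload() -> bytes:
    return pickle.dumps(EXPECTED_OBJECT)


def make_unexpected_payload() -> bytes:
    return pickle.dumps(CallsFunctionOnLoad())


def load_unrestricted(data: bytes):
    return pickle.loads(data)  # resolves and calls whatever the stream names


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data: bytes) -> bool:
    try:
        load_restricted(data)
        return False
    except pickle.UnpicklingError:
        return True
```

Loading the unexpected payload with `load_unrestricted` appends to `CALLS` and returns the function's result, whereas `load_restricted` raises before any callable is resolved.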
IBM CDL Software Engineer
Master of Science (Computer Security), Columbia Univ.