OWASP Top Ten: Number 08


Insecure Deserialization

Insecure Deserialization occurs when an unknown or manipulated serialized object is injected into a web application and the application reconstructs it without checking where it came from or what it contains.

The deserialized data could carry SQL injection, path traversal or any number of other types of payload intended to exploit the system.

Insecure Deserialization can be prevented in applications by not accepting serialized objects from untrusted sources. You could also implement integrity checks and type constraints.
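The two controls named above, an integrity check and a type constraint, can be shown in a few lines. The Python example below is added here and is not code from the original post or from OWASP; it uses Python's `pickle` because it is the classic object-serialization format, and the key, allow-list and sample session data are constructed for the demo. The integrity check verifies an HMAC over the serialized bytes before any parsing happens, and the type constraint limits which classes the unpickler may reconstruct even when the signature is valid.

```python
import collections
import hashlib
import hmac
import io
import pickle

# Constructed demo key; a real service loads this from a secrets store, never from source.
SECRET_KEY = b"demo-key-not-for-production"

# --- Integrity check -------------------------------------------------------
# Serialized bytes are signed when they leave the application (e.g. into a cookie)
# and the signature is verified before any deserialization is attempted.

def sign(payload: bytes) -> bytes:
    """Return tag + '.' + payload, where tag is an HMAC-SHA256 over the payload."""
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()
    return tag + b"." + payload


def verify(blob: bytes) -> bytes:
    """Return the payload if its tag verifies; raise before the payload is parsed."""
    tag, sep, payload = blob.partition(b".")  # the hex tag never contains '.'
    if not sep:
        raise ValueError("malformed blob")
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return payload


# --- Type constraints ------------------------------------------------------
# Even a signed payload may only reconstruct an explicit allow-list of classes.
# pickle's find_class is the hook through which every class reference resolves,
# so overriding it is where the constraint is enforced. (Allow-list is illustrative.)

ALLOWED_CLASSES = {("builtins", "dict"), ("builtins", "list")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden type {module}.{name}")


def safe_loads(blob: bytes):
    """Verify integrity first, then deserialize under the type allow-list."""
    payload = verify(blob)
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def try_load(blob: bytes):
    """Report the outcome instead of raising, for logging or tests."""
    try:
        return ("ok", safe_loads(blob))
    except ValueError as exc:
        return ("rejected-integrity", str(exc))
    except pickle.UnpicklingError as exc:
        return ("rejected-type", str(exc))


# --- Constructed inputs ----------------------------------------------------
GOOD = sign(pickle.dumps({"user": "alice", "role": "user"}))

# Same session with one byte changed after signing (simulates modification in transit).
_tag, _, _payload = GOOD.partition(b".")
_modified = bytearray(_payload)
_modified[-2] ^= 0x01
TAMPERED = _tag + b"." + bytes(_modified)

# Correctly signed, but the object graph references a class outside the allow-list.
WRONG_TYPE = sign(pickle.dumps(collections.OrderedDict(user="bob")))

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("tampered", TAMPERED), ("wrong type", WRONG_TYPE)):
        print(label, "->", try_load(blob))
```

The order matters: the signature is checked before a single byte is handed to the deserializer, so a modified payload is rejected without ever being parsed, and the class allow-list is the second line of defence for data that was legitimately signed but still describes an object the application never expects. Where the application only needs plain data, a data-only format such as JSON with a schema check removes the deserialization problem altogether, which is what "not accepting serialized objects from untrusted sources" means in practice.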
