Analysis
Insecure Deserialization: Trusting a Blob of Bytes Too Much
Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.
8 min read · #deserialization #web-security #rce