HolyGhost logoHolyGhost

#deserialization

1 post

Analysis

Insecure Deserialization: Trusting a Blob of Bytes Too Much

Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.

8 min read·#deserialization#web-security#rce