This article explains the risks posed by the Insecure Deserialization vulnerability by walking through a typical attack vector against it. Insecure Deserialization is one of the OWASP Top Ten most critical security risks to web applications. The article covers:
- Basic concepts of serialization and deserialization needed to understand the vulnerability.
- Identifying where the vulnerability is situated: the point at which the application deserializes input it does not control.
- Setting up the lab and understanding the target application before performing the attack.
- Exploiting the insecure deserialization.
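Before the lab, a compact illustration of the vulnerability itself. This is an added example, not code from the article or from the lab application it describes; the `Session` class, the `_sink` callable and the use of Python's `pickle` are assumptions chosen to show the mechanism in a runnable form. The insecure path hands attacker-controlled bytes to `pickle.loads`, so a class whose `__reduce__` names a callable gets that callable invoked during deserialization; the two hardened paths either restrict which globals the unpickler may resolve or switch to a data-only format with an explicit schema.

```python
import io
import json
import pickle

# Constructed sample: a session object the application serializes and
# later reads back from a client-supplied cookie or request body.
class Session:
    def __init__(self, user, role):
        self.user = user
        self.role = role

def serialize_session(session):
    return pickle.dumps(session)

def deserialize_session_insecure(blob):
    # Vulnerable: pickle.loads rebuilds whatever the bytes describe,
    # including calls to arbitrary importable callables via __reduce__.
    return pickle.loads(blob)

# Attacker side. In a real payload the callable would be os.system or
# subprocess.check_output; here a harmless recorder stands in for it so
# the example is safe to run and the side effect is observable.
EXECUTED = []

def _sink(marker):
    EXECUTED.append(marker)
    return marker

class Payload:
    def __reduce__(self):
        # pickle stores "call _sink(marker)"; the call happens on load, not dump.
        return (_sink, ("code ran during deserialization",))

def build_malicious_blob():
    return pickle.dumps(Payload())

# Hardening 1: an unpickler that only resolves an explicit allow-list of
# globals. Anything else (including our _sink) raises before being called.
class RestrictedUnpickler(pickle.Unpickler):
    ALLOWED = {(Session.__module__, "Session")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return Session
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def deserialize_session_restricted(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

# Hardening 2: do not deserialize objects at all; parse data and validate
# its shape, then construct the object yourself.
def deserialize_session_json(text):
    data = json.loads(text)
    if not isinstance(data, dict) or set(data) != {"user", "role"}:
        raise ValueError("unexpected session shape")
    return Session(str(data["user"]), str(data["role"]))

def demo():
    """Exercise all three paths and report what happened."""
    EXECUTED.clear()
    legit = serialize_session(Session("alice", "user"))
    evil = build_malicious_blob()

    # Insecure path: the payload's __reduce__ target runs inside loads().
    deserialize_session_insecure(evil)
    insecure_executed = EXECUTED == ["code ran during deserialization"]

    # Restricted unpickler: legitimate data round-trips, payload is refused
    # and the callable never runs.
    restored = deserialize_session_restricted(legit)
    restricted_ok = (restored.user, restored.role) == ("alice", "user")
    EXECUTED.clear()
    try:
        deserialize_session_restricted(evil)
        restricted_rejected = False
    except pickle.UnpicklingError:
        restricted_rejected = EXECUTED == []

    # JSON with a fixed schema: no code path is reachable from the input.
    js = deserialize_session_json('{"user": "bob", "role": "admin"}')
    json_ok = (js.user, js.role) == ("bob", "admin")

    return {
        "insecure_executed": insecure_executed,
        "restricted_ok": restricted_ok,
        "restricted_rejected": restricted_rejected,
        "json_ok": json_ok,
    }

if __name__ == "__main__":
    print(demo())
```

The allow-list unpickler is a stopgap for code that cannot move away from a native object format; the JSON path is the real fix, because a format that can only carry data gives an attacker no callable to name.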