Lesson 12 - OWASP Top 10 2017 - A8:2017-Insecure Deserialization

AppSec Starter is a basic application security awareness training applied to onboarding new developers. It is not the purpose of this training to discuss advanced and practical topics. Conviso has customized training and practical training platforms.

Training recorded by Nicolas Schmaltz and copyright reserved to Conviso Application Security S/A.

Lesson 12 Contents:

Insecure deserialization typically leads to remote code execution. Even if it doesn't, it can be used to carry out attacks, including replay attacks, injection, and privilege elevation.