owaspsd-deserialize-my-shorts
Deserialization discussion
A presentation and discussion on the security risks of deserialization in Java object graphs.
Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
5 stars
4 watching
2 forks
Language: CSS
last commit: over 9 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
 tailrecursion/cljson | A Clojure/ClojureScript library for accelerating JSON data deserialization in browser applications. | 62 |
 ioactive/burpjdser-ng | A tool to deserialize Java objects to XML and load classes/jars dynamically. | 15 |
 bishopfox/gadgetprobe | Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities | 587 |
 kbss-cvut/jb4jsonld | A Java library for serializing and deserializing objects to JSON-LD format using annotations. | 12 |
 federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
 joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. | 497 |
 directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |
 androidalliance/edgeeffectoverride | A library to override custom colors for the edge effect used by common Android UI components | 642 |
 artsploit/yaml-payload | A utility for generating deserialization payloads in SnakeYAML format to exploit certain security vulnerabilities | 570 |
 kantega/notsoserial | An agent that prevents deserialization attacks by making certain classes unserializable | 186 |
 nccgroup/freddy | A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications. | 574 |
 cschneider4711/swat | An agent-based tool to create and manage a whitelist of whitelisted classes for protection against malicious Java deserialization attacks | 29 |
 mogwailabs/rmi-deserialization | Demonstrating vulnerabilities in Java RMI services | 101 |
 ashikahmad/sugaranchor | A syntactic sugar library that simplifies layout constraints in iOS apps | 20 |