Pierre Ernst: Look-ahead Java deserialization

When Java serialization is used to exchange information between a client and a server, attackers can try to replace the legitimate serialized stream with malicious data. This article explains the nature of this threat and describes a simple way to protect against it. Find out how to stop the deserialization process as soon as an unexpected Java class is found...

Community: General