This course will teach you the basics of serialization and deserialization, including serialization file formats, what insecure deserialization is, and how to prevent that type of vulnerability from occurring in your code.
As a developer, it is important to be familiar with common vulnerabilities that are often encountered in web application. Insecure deserialization is one of those vulnerabilities, ranking 8th in the OWASP Top 10 2017. In this course, Secure Coding: Preventing Insecure Deserialization, you will learn how to properly defend yourself against that particular vulnerability First, you will learn about the basics of serialization and deserialization, and about the various serialization file formats. Next, you will discover what insecure deserialization actually is, and how it can be exploited: In order to fix the problem, you need to know what can go wrong. Finally you will explore how to properly prevent insecure deserialization in any development language or framework. By the end of this course, you will have the secure coding skills and knowledge needed to prevent insecure deserialization vulnerabilities from creeping into your application.
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. Since 2004, he started specializing in pentesting complex and feature-rich web applications. Currently, he leads a global team of highly skilled and enthusiastic penetration testers as lead pentester.
Course Overview Hi everyone. My name is Peter Mosmans, and welcome to my course: Secure Coding: Preventing Insecure Deserialization. I'm a lead penetration tester, working for multiple companies around the globe. New in the OS top 10 of 2017, at number 8: insecure deserialization. Apparently it's deemed quite a critical risk for web applications. But what is insecure deserialization, and how can you mitigate the risks? In this course, we're going to take a look at the serialization and deserialization process. We're going to try to exploit some vulnerabilities, and we're going to see effective, secure solutions. Some of the major topics that we'll cover include: what serialization and deserialization is. The various serialization file formats. Insecure patterns that offer little to no protection, and how to securely implement and apply the serialization. By the end of this course, you'll know all about which mitigation strategies work and won't work, and why. Before beginning the course, you should be somewhat familiar with software development. The course itself is for anyone wanting to know what insecure deserialization is, and how to prevent those vulnerabilities from creeping into your code. I hope you'll join me on this journey to learn more about secure coding, with the Insecure Deserialization course, here at Pluralsight.