
Specialized Testing: Deserialization

by Peter Mosmans

Insecure deserialization vulnerabilities are frequently encountered in web applications. This course will teach you how to test for and exploit these vulnerabilities in web applications.

What you'll learn

Most web application programmers can tell you that the deserialization process can be exploited, but how? In this course, Specialized Testing: Deserialization, you’ll learn to find and exploit insecure deserialization vulnerabilities. First, you’ll explore the intricacies of the deserialization process. Next, you’ll discover how to find locations where insecure deserialization takes place, and how to test those. Finally, you’ll learn how to perform advanced insecure deserialization exploitation. When you’re finished with this course, you’ll have the skills and knowledge of insecure deserialization needed to perform specialized security testing for it.

About the author

Peter started out in the nineties as a software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he has been specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
