Imperva’s research group is constantly monitoring new web application vulnerabilities. In doing so, we’ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year. Our analysis shows that, in the past three months, the number of deserialization attacks has grown by 300 percent on average, turning them into a serious security risk to web applications. To make things worse, many of these attacks are now launched with the intent of installing crypto-mining malware on vulnerable web servers, which gridlocks their CPU usage. In this blog post we will explain what insecure deserialization vulnerabilities are, show the growing trend of attacks exploiting these vulnerabilities and explain what attackers do to exploit them (including real-life attack examples).

The process of serialization converts a “live” object (structure and/or state), like a Java object, into a format that can be sent over the network, or stored in memory or on disk. Deserialization converts the format back into a “live” object.
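As an added illustration of the defensive side of this (example code written for this page, not code from the Imperva post), the following Java program serializes a constructed `Point` object and then deserializes it behind a JEP 290 `ObjectInputFilter` that allow-lists only that class; a stream carrying any other class, here a `java.util.Date`, is rejected before its object is reconstructed. It assumes Java 9 or later, where `ObjectInputFilter` is available.

```java
import java.io.*;

public class DeserializationFilterDemo {
    // Constructed sample class standing in for an application's own "live" object.
    static final class Point implements Serializable {
        private static final long serialVersionUID = 1L;
        final int x, y;
        Point(int x, int y) { this.x = x; this.y = y; }
        @Override public String toString() { return "Point(" + x + "," + y + ")"; }
    }

    // Serialization: turn the live object into bytes that can travel over the network or sit on disk.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialization with a JEP 290 filter: only the classes we expect may be reconstructed.
    // "<class>;!*" means: allow Point, reject every other class named in the stream.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                Point.class.getName() + ";!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);   // must be set before readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected input: a Point round-trips normally.
        byte[] trusted = serialize(new Point(3, 4));
        System.out.println("Accepted: " + deserializeFiltered(trusted));

        // Unexpected input: a stream naming a class outside the allow-list is refused
        // before the object is built, which is the point of filtering untrusted data.
        byte[] unexpected = serialize(new java.util.Date(0));
        try {
            deserializeFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("Rejected by filter: " + e.getMessage());
        }
    }
}
```

Without the filter, `readObject()` would reconstruct whatever class the stream names, which is why the allow-list has to be in place before any untrusted bytes are read.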