San Francisco: Virtual Edition - Live Online

Virtual, US Pacific | Mon, Nov 30, 2020 - Sat, Dec 5, 2020

SANS@Mic - Why so serious? Insecure object deserialization demystified

  • Karim Lalji
  • Tuesday, December 1st, 7:30pm - 8:30pm, US Pacific Time

Deserialization vulnerabilities have gained significant traction over the past few years, and this category of weakness now holds eighth place on the OWASP Top 10. Despite their severity, deserialization vulnerabilities are among the less frequently discussed application exploits and are often misunderstood by security consultants and penetration testers without a development background. This knowledge gap gives adversaries an advantage and leaves security professionals at a disadvantage. This presentation is designed to demystify insecure deserialization vulnerabilities, covering both exploitation and defensive strategies on platforms such as Java, .NET, PHP and Android.

Bio: Karim Lalji works for TELUS Business, a large national telecommunications and business consulting firm, as a Managing Security Consultant based out of Vancouver, BC. Karim is a graduate of the MSISE at SANS Technology Institute and a proud holder of the GIAC Security Expert (GSE) certification.

This SANS@Mic talk is being delivered Live Online.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. Several different types of events fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, December 1

Session | Speaker | Time | Type
SANS@Mic - Why so serious? Insecure object deserialization demystified | Karim Lalji | Tuesday, December 1st, 7:30pm - 8:30pm | SANS@Night