SANS@Mic - Why so serious? Insecure object deserialization demystified
- Karim Lalji
- Tuesday, December 1st, 7:30pm - 8:30pm US Pacific Time
Deserialization vulnerabilities have gained significant traction over the past few years, resulting in this category of weakness taking eighth place on the OWASP Top 10. Despite the severity, deserialization vulnerabilities tend to be among the less popular application exploits discussed and are frequently misunderstood by security consultants and penetration testers without a development background. This knowledge discrepancy leaves adversaries with an advantage and security professionals with a disadvantage. This presentation is designed to demystify insecure deserialization vulnerabilities, including exploitation and defensive strategies on different platforms such as Java, .NET, PHP and Android.
Bio: Karim Lalji works for TELUS Business, a large national telecommunications and business consulting firm, as a Managing Security Consultant based out of Vancouver, BC. Karim is a graduate of the MSISE at SANS Technology Institute and a proud holder of the GIAC Security Expert (GSE) certification.
This SANS@Mic talk is being delivered Live Online.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, December 1
Session | Speaker | Time | Type |
---|---|---|---|
SANS@Mic - Why so serious? Insecure object deserialization demystified | Karim Lalji | Tuesday, December 1st, 7:30pm - 8:30pm | SANS@Night |