Look-ahead Java deserialization

When Java serialization is used to exchange information
between a client and a server, attackers can try to replace the legitimate
serialized stream with malicious data. This article explains the nature of
this threat and describes a simple way to protect against it. Find out how to
stop the deserialization process as soon as an unexpected Java class is found
in the stream.
