Saniye Nur | Understanding Insecure Deserialization: Risks and Mitigations | User-provided input has long been a significant source of vulnerabilities, presenting ongoing risks across many platforms and applications… | May 23
Shadrack Kipkoech | GSON throwing “Expected BEGIN_OBJECT but was BEGIN_ARRAY”? | I recently faced this issue while working on my project, which involved handling API responses. Encountering the “Expected BEGIN_OBJECT but… | Sep 7, 2023
Truong Bui | Serialization and Deserialization of Java JSON & XML libraries | Serialization and Deserialization are essential for making API calls to exchange data. They’re key to how fast these calls work. In my… | May 4
Jay Wandery | Insecure De-serialization | Serialization is the process of converting complex data structures, such as objects and their fields, into a “flatter” format that can be… | Jan 6
Akshit Pal | Insecure deserialization Explained: Exploiting deserialization vulnerabilities in mobile… | Key Highlights | Mar 28
Conor O'Neill in Tenable TechBlog | Achieving RCE on Tomcat via CVE-2016-8735 — A Proof of Concept | Introduction | Mar 8, 2019
Francesco Soncina (phra) in ABN AMRO — Red Team | Java Deserialization — From Discovery to Reverse Shell on Limited Environments | By Ahmed Sherif & Francesco Soncina | Oct 30, 2018