OWASP Top 10: A8 – Insecure Deserialization


Object-oriented programming (OOP) is common both in scripting and in software development. OOP treats items as objects that have properties and methods, rather than treating command output as a simple string. In this course you'll learn about OOP along with some syntax examples. You'll explore how programming objects are serialized and deserialized, and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, and how a deserialization attack is executed against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.