OWASP Top 10: A8 – Insecure Deserialization

Object-oriented programming is common when writing scripts as well as during software development. OOP treats items as objects that have properties and methods, as opposed to treating command output as a simple string. In this course, you'll learn about OOP along with some syntax examples. You'll explore how programming objects become serialized and deserialized and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, as well as how to execute a deserialization attack against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.