Java Serialisation - The Gift That Keeps on Taking (Part 3)

By Steve Poole on July 02, 2022 Cybersecurity

7 minute read time

Part 3 of our issues with Java serialisation shares a deep dive into gadget chains and denial of service attacks.
Read More...

Java Serialisation - The Gift That Keeps on Taking (Part 2)

By Steve Poole on March 30, 2022 open source security

8 minute read time

Part two of our Java serialization series: the unexpected consequences of design and how the data stream can be compromised.
Read More...

Java Serialisation - The Gift That Keeps on Taking (Part 1)

By Steve Poole on March 11, 2022 java

6 minute read time

Log4Shell impels us to review the reasons Java needs serialisation, how to use it safely, and what other options exist. Here in part 1, we examine design.
Read More...