Serial Killer: Silently Pwning Your Java Endpoints

  • Friday, March 4, 2016 | 11:20 AM – 12:10 PM | West | Room: 3006

Java systems need to exchange serialized data and objects. If attackers control data being deserialized, your applications may be in danger. This talk presents vulns found in libs from XStream, JBoss, Java and Apache, allowing attackers to run arbitrary code during deserialization (live demo). Key takeaways: how to find these nuggets in pentests and code reviews, and how to protect your apps.

This document was retrieved from https://www.rsaconference.com/events/us16/agenda/sessions/2389/serial-killer-silently-pwning-your-java-endpoints on Sun, 04 Dec 2016 13:20:08 -0500.