Specialized Testing: Deserialization

Focused View

Peter Mosmans

1:01:42

59 View

1. Course Overview

1. Course Overview.mp4

01:36

2. Understanding Insecure Deserialization

1. Course Introduction.mp4

04:22

2. Serialization and Deserialization Primer.mp4

06:02

3. Demo - Abusing Native Deserialization Process.mp4

08:16

4. Demo - Abusing YAML Deserialization Process.mp4

03:00

5. Module Summary.mp4

01:54

3. How to Find and Test for Insecure Deserialization Vulnerabilities

1. Module Introduction.mp4

01:10

2. Detecting Serialized Objects.mp4

03:23

3. Demo - Fingerprinting Serialized Objects.mp4

04:34

4. Generic Test and Attack Methodology.mp4

03:06

5. Demo - Modify Object Using Property Injection.mp4

05:35

6. Module Summary.mp4

01:15

4. Advanced Insecure Deserialization Exploits

1. Module Introduction.mp4

01:16

2. Gadget Chains.mp4

02:34

3. Demo - Create Custom Gadget Chain.mp4

04:56

4. Property-oriented Programming.mp4

02:15

5. Demo - Create Gadget Chain Using ysoserial.mp4

03:45

6. Course Summary.mp4

02:43

Description

Insecure deserialization vulnerabilities are frequently encountered in web applications. This course will teach you how to test for and exploit these vulnerabilities in web applications.

What You'll Learn?

Most web application programmers can tell you that the deserialization process can be exploited, but how? In this course, Specialized Testing: Deserialization, you’ll learn to find and exploit insecure deserialization vulnerabilities. First, you’ll explore the intricacies of the deserialization process. Next, you’ll discover how to find locations where insecure deserialization takes place, and how to test those. Finally, you’ll learn how to perform advanced insecure deserialization exploitation. When you’re finished with this course, you’ll have the skills and knowledge of insecure deserialization needed to perform specialized security testing for it.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Web App Development

Cyber Security

Network Security

Information Security

Cyber Security Awareness

Peter Mosmans

Instructor's Courses

Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penetration testing tools, and he maintains an extra-featured OpenSSL fork. He likes to speak at international security conferences and meetings, such as OWASP, BSides, OSDC and NullCon - which mixes really well with being a permanent road warrior. Home is 127.0.0.1.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.