Insecure Deserialization

URI: https://gptkb.org/entity/Insecure_Deserialization
GPTKB entity
Statements (31)
Predicate Object
gptkbp:instanceOf gptkb:Security_Vulnerability
gptkbp:affects Software Applications
gptkbp:cause gptkb:Privilege_Escalation
gptkb:Denial_of_Service
gptkb:Authentication_Bypass
Remote Code Execution
Data Tampering
gptkbp:commonIn .NET Applications
Java Applications
PHP Applications
Python Applications
Ruby Applications
gptkbp:describedBy gptkb:OWASP_Top_Ten
gptkb:CWE-502
gptkbp:detects gptkb:Dynamic_Application_Security_Testing
Static Code Analysis
Manual Code Review
gptkbp:exploits Malicious Payloads
gptkbp:firstDescribed Early 2000s
gptkbp:mitigatedBy Input Validation
Avoiding Native Deserialization
Deserialization Whitelisting
Integrity Checks
gptkbp:requires User-supplied Serialized Data
gptkbp:riskFactor High
gptkbp:bfsParent gptkb:CWE-502
gptkb:FindSecBugs
gptkb:AppScan_SAST
gptkb:Software_and_Data_Integrity_Failures
gptkbp:bfsLayer 8
https://www.w3.org/2000/01/rdf-schema#label Insecure Deserialization