GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...
GitHub

achmand/flink-java-tutorials

In the following section we will look at different components which makes part of the Apache Flink ecosystem. The below image and the following explanation was taken from this source, big thanks to ...
InfoWorld

Basic and advanced Java serialization

Serialization is the process of converting a Java object into a sequence of bytes so they can be written to disk, sent over a network, or stored outside of memory. Later, the Java virtual machine (JVM ...
IEEE

Java Deserialization Vulnerabilities and Mitigations

Abstract: This tutorial provides developers with practical guidance for securely implementing Java Serialization. Java deserialization is a clear and present danger as its widely used both directly by ...