Jump to content
Nytro

Serialization Must Die: Act 1: Kryo

By Nytro, in Securitate web

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Serialization Must Die: Act 1: Kryo

 

Posted on February 12, 2016 by Arshan Dabirsiaghi

 

When @frohoff@gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the term “seriapalooza”), I thought about deserialization alternatives. Where are my customers going next? Is there greener grass? We’re going to find out. If the title of my series wasn’t spoiler enough, let me foreshadow more plainly: the grass is brown and dead, everywhere.

Today, we’re looking at Kryo, one of the “hipper” serialization libraries. We know it’s used in a lot of big software already, but it’s a library that’s probably used downstream by many, many organizations. My customers are certainly among those organizations.

Let’s take a peek.

 

Sursa: https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-1-kryo

 

 

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...