OWASP Toronto - December Event - The Current State of Insecure Deserialization Vulnerabilities

16 views

Skip to first unread message

Adam Greenhill

unread,

Nov 29, 2022, 5:30:01 PM11/29/22

to Toronto Chapter

Hey everyone,

We're pleased to announce next month's OWASP Toronto chapter event. Come join us for an exciting presentation!

This month, the meetup will be virtual. The details can be found below or at the Meetup event page!

Sincerely,

Adam

-----

Details

Date/Time: December 14, 2022, 6:30 PM to 8:30 PM EDT
Location:

In-person event:

1 Snooker St,

Toronto, ON M6K 1G1

Online:

https://www.youtube.com/watch?v=p1_MCEP8n34

TALK

The Current State of Insecure Deserialization Vulnerabilities

Summary:

Insecure Deserialization has proven to be a fruitful vector for remote code execution attacks in recent years. Research into this vulnerability class has evolved, leading to a variety of attack methods and tools, which aim to bypass the growing number of mitigations attempted. In this talk, I'll review some common attack methods used in various languages and environments, and review some case studies of recently patched vulnerabilities I found interesting.

Presenter:

Guy Lederfein

* Vulnerability Researcher @ Trend Micro Security Research
* Providing analysis and detection guidance for N-day vulnerabilities disclosed in popular software used in enterprise environments.
* Background in Penetration Testing
* Web Applications, Network, Mobile, etc.
* B.Sc. in Computer Engineering

Adam Greenhill

unread,

Jan 4, 2023, 6:46:07 PM1/4/23

to Toronto Chapter, Adam Greenhill

Hi everyone,

If you're interested in downloading the slides, you can find them here: https://github.com/OWASP/www-chapter-toronto/blob/master/assets/slides/the_current_state_of_insecure_deserialization.pptx