From the course: Foundational JavaScript Security


Insecure deserialization

- [Instructor] Before we talk about insecure deserialization, let's talk about what deserialization is, if you're not familiar with the term. In short, deserialization is the transformation of data coming from a file or the network, typically from a JSON or XML format, into an object that your application can read. So when you hear about serialization, well, it's the opposite, where the object is serialized into a readable JSON format when transferred through the network. Most frameworks have methods that do this automatically for us. So what is insecure deserialization? It's when hackers exploit untrusted data to render the application's resources useless, like a denial-of-service attack, or even execute code inside your application. To remedy this, there are several ways and packages that exist. Feel free to use whichever one you prefer when serializing and deserializing your data, as long as they don't use the JS method,…