Serialization – How to secure a serialized JAVA object?

Question

How can I secure the serialized object if I send the serialized object over the network? I doubt that hackers may interrupt/hack my data.

can anyone tell in detail about how to implement this?

Answer

This presentation give ideas on how effectively attackers can tamper a Java serialized stream:

https://www.owasp.org/images/e/eb/OWASP_IL_2008_Shai_Chen_PT_to_Java_Client_Server_Apps.ppt

There is also the risk of injecting unsuspected behavior and inject code in case a vulnerable class exists on the server’s classpath. See this article:

[Look-ahead Java deserialization][3]

Accepted Answer

This presentation give ideas on how effectively attackers can tamper a Java serialized stream:https://www.owasp.org/images/e/eb/OWASP_IL_2008_Shai_Chen_PT_to_Java_Client_Server_Apps.pptThere is also the risk of injecting unsuspected behavior and inject code in case a vulnerable class exists on the server&#8217;s classpath. See this article:[Look-ahead Java deserialization][3]

Advertisement

Answer