
May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
701 Vulnerability Research Lab
  • May 6th (Thu)
  • 15:45 - 16:15
  • 7F 701H

Brief Analysis of Insecure Deserialization with CVE cases

Chinese Onsite

The Insecure Deserialization issue in the OWASP Top 10 is usually viewed as a security researcher-only domain.

Using a few simple programs and 2 CVE cases, the speaker will lead the audience into the root cause of this issue and how it can be exploited.

After this talk, the audience can better understand this mysterious issue and the magic of information security.

In this talk, the speaker will use both Python and Java as example languages to explain the idea of insecure deserialization.

He will use simple code to demonstrate how insecure deserialization can happen and how it can be exploited by an attacker.

At the end of the talk, he will reproduce CVE cases to demonstrate real-world cases that have happened.

Application Security Testing, Exploit of Vulnerability, Penetration Testing
Peter Chi

Team Leader, Cyber Security Defense Department, TAIWAN RAKUTEN ICHIBA, INC.

Professional Experience:

  • Team Leader of Security Audit Team @ Cyber Security Defense Department, Rakuten Group, Inc.
  • Globalization Software Engineer @ User Experience Lab, IBM
  • Computer Science Master on Computer Security from Columbia Univ.
  • Security Enthusiast (OSCP / eWPT / eWPTX / SSCP)