Java Serialisation - the gift that keeps on taking (Part 3)

In the previous post we examined particular Java Serialisation characteristics and design points that had a few unexpected consequences. In this post we'll explore more around exploiting serialisation datastreams: how it's possible to compromise systems silently and in different ways, from changing data to running arbitrary code or even crashing systems.
