Wednesday, January 28 • 10:30am - 11:30am
Marshalling Pickles: How Deserializing Objects Will Ruin Your Day

Object serialization technologies allow programs to easily convert in-memory objects to and from various binary and textual data formats for storage or transfer – but with great power comes great responsibility, because deserializing objects from untrusted data can ruin your day. We will look at historical and modern vulnerabilities across different languages and serialization technologies, including Python, Ruby, and Java, and show how to exploit these issues to achieve code execution. We will also cover some strategies to protect applications from these types of attacks.


Chris Frohoff

Cyber Security Engineer, Qualcomm
Chris Frohoff is a Cyber Security Engineer at Qualcomm with a focus on Application Security; he performs Application Security Assessments and Penetration Tests, and sometimes dabbles in Incident Response, Reverse Engineering, and general research mischief. In a former life, Chris...

Gabriel Lawrence

Application Security Team Lead, Qualcomm
Gabriel Lawrence leads the Application Security team at Qualcomm, doing Application Security Assessments, Penetration Tests, Incident Response, Reverse Engineering, and anything else that comes his way. He's developed enterprise applications, founded three startups, and run Information...

Wednesday January 28, 2015 10:30am - 11:30am PST
Annenberg Community Beach House: Track 4, 415 Pacific Coast Hwy, Santa Monica, CA 90402
