Wednesday, January 28 • 10:30am - 11:30am
Marshalling Pickles: How Deserializing Objects Will Ruin Your Day


Object serialization technologies allow programs to easily convert in-memory objects to and from various binary and textual data formats for storage or transfer – but with great power comes great responsibility, because deserializing objects from untrusted data can ruin your day. We will look at historical and modern vulnerabilities across different languages and serialization technologies, including Python, Ruby, and Java, and show how to exploit these issues to achieve code execution. We will also cover some strategies to protect applications from these types of attacks.

Chris Frohoff

Cyber Security Engineer, Qualcomm
Chris Frohoff is a Cyber Security Engineer at Qualcomm with a focus on Application Security; he performs Application Security Assessments and Penetration Tests, and sometimes dabbles in Incident Response, Reverse Engineering, and general research mischief. In a former life, Chris developed enterprise web applications and services at Sony Network Entertainment and UC San Diego. His primary areas of geekdom include programming languages...
Gabriel Lawrence

Application Security Team Lead, Qualcomm
Gabriel Lawrence leads the Application Security team at Qualcomm, doing Application Security Assessments, Penetration Tests, Incident Response, Reverse Engineering, and anything else that comes his way. He's developed enterprise applications, founded three startups, and run Information Security for UC San Diego.

Wednesday January 28, 2015 10:30am - 11:30am
Annenberg Community Beach House: Track 4, 415 Pacific Coast Hwy, Santa Monica, CA 90402
