Insecure Deserialization For Beginners

Thank you for watching the video: Insecure Deserialization For Beginners.

Insecure deserialization is when user-controllable data is deserialized by a website. This potentially enables an attacker to manipulate serialized objects in order to pass harmful data into the application code. Currently it occupies the 8th spot in the #OWASPTop10 2021 list. It occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or execute arbitrary code when it is deserialized.

In this video we will learn what magic methods are, how to find a deserialization vulnerability, and how to exploit it.

Magic Methods - https://www.php.net/manual/en/language.oop5.magic.php
PHPGGC - https://github.com/ambionics/phpggc
OWASP Top 10 (Insecure Deserialization) - https://www.youtube.com/watch?v=4fD7LGQPjBU
Lab - https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-object-injection-in-php

00:45 What is deserialization
02:20 Insecure deserialization
04:16 Serialized Object Format
05:40 Magic Methods
08:18 Spot a vulnerability
11:00 Sample code
12:30 Exploit Code
13:10 Demo

ABOUT OUR CHANNEL
Cyber Security is a non-profit initiative taken by security professionals. Here we are uploading a series of videos to help you learn and gain expertise in various domains of security. We teach tools, techniques, and methods which can be used on penetration testing assignments.