From the course: Foundational JavaScript Security
Secure deserialization resources - JavaScript Tutorial
Secure deserialization resources
- [Narrator] Now, let's take a look at Insecure Deserialization. This type of attack is hard to exploit. But when a hacker succeeds, access to sensitive data can occur. This is one where you constantly need to test your APIs and validate that your objects haven't been tampered with by attackers. There are several ways to prevent these attacks, such as enforcing strict types, like TypeScript for example, and making sure there aren't any errors when deserialization occurs. Take the time to go through the "Is the Application Vulnerable" section and how to prevent it. I'd spend a lot of time looking at the cheat sheets to make sure you don't miss opportunities to enforce alerts and monitor deserialization.
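The prevention points mentioned in the transcript (strict types, no unhandled deserialization errors, monitoring) can be sketched in plain JavaScript as follows. This is an added example, not code from the course; `SESSION_SCHEMA`, `deserializeSession` and `failureLog` are hypothetical names, and the payloads used with it are constructed.

```javascript
// Added example: strict, monitored deserialization of an untrusted JSON payload.
// SESSION_SCHEMA, deserializeSession and failureLog are hypothetical names.

// Expected shape: every field is required and no extra fields are accepted.
const SESSION_SCHEMA = {
  userId: (v) => Number.isInteger(v) && v > 0,
  role: (v) => v === 'user' || v === 'admin',
  expires: (v) => Number.isInteger(v) && v > 0,
};

// Keys that can alter an object's prototype chain when later merged or copied.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Stand-in for a real log or alert pipeline.
const failureLog = [];

function deserializeSession(raw, source = 'unknown') {
  try {
    if (typeof raw !== 'string' || raw.length > 1024) {
      throw new Error('payload is not a string or exceeds size limit');
    }
    // The reviver runs for every key, including nested ones.
    const parsed = JSON.parse(raw, (key, value) => {
      if (FORBIDDEN_KEYS.has(key)) throw new Error(`forbidden key: ${key}`);
      return value;
    });
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
      throw new Error('top-level value is not an object');
    }
    const expected = Object.keys(SESSION_SCHEMA);
    if (Object.keys(parsed).length !== expected.length) {
      throw new Error('unexpected field count');
    }
    // Copy only validated fields into a prototype-less, frozen object.
    const clean = Object.create(null);
    for (const name of expected) {
      const present = Object.prototype.hasOwnProperty.call(parsed, name);
      if (!present || !SESSION_SCHEMA[name](parsed[name])) {
        throw new Error(`invalid or missing field: ${name}`);
      }
      clean[name] = parsed[name];
    }
    return Object.freeze(clean);
  } catch (err) {
    // Every rejected payload is recorded so repeated failures can raise an alert.
    failureLog.push({ source, reason: err.message });
    return null;
  }
}
```

TypeScript types are erased at compile time, so a runtime check like this is still needed at the point where untrusted data enters the application.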