[Owasp-ireland] OWASP Cork: Deserialization is bad, and you should feel bad

Eoin Keary eoin.keary at owasp.org
Sun Mar 6 18:18:13 UTC 2016

Very cool,
Would love to be there! Hope the slides shall be available.

Eoin Keary
OWASP Volunteer

> On 6 Mar 2016, at 16:06, Darren Fitzpatrick <darren.fitzpatrick at owasp.org> wrote:
> Hi,
> The next OWASP Cork chapter meeting will be delivered on Monday 14th March by Gabriel Lawrence who will be speaking about object deserialization bugs within some of the most popular programming languages, web servers and sites. This is a major application security vulnerability for which he and Chris Frohoff advanced the research and released generalized exploit tools at AppSec Cali 2015. It was almost a year later, when specific working exploits were released across many major Java services, that the world realized how much of a big deal the findings from their research into deserialization were. Sites including PayPal and a number of Java-based systems including WebLogic, WebSphere, JBoss and Jenkins were found to be remotely exploitable to provide the attacker with full remote access to the associated server. To this day, and without a doubt well into the future, deserialization vulnerabilities will continue to be discovered as a result of this work.
> Gabriel Lawrence leads the Application Security team at Qualcomm, San Diego, doing Application Security Assessments, Penetration Tests, Incident Response, Reverse Engineering, and anything else that comes his way. Gabe is an active member of the very successful San Diego OWASP Chapter and has been involved with OWASP as an organization from the time of its inception.
> This promises to be an interesting and exciting talk. Beer and pizza will also be provided - bring all your friends :) 
> The talk will be held at The Roundy, Cork City and you can sign up here:
> http://www.meetup.com/OWASP-Cork/events/229340488/ 
> Looking forward to seeing you there, 
> Darren & Fiona (OWASP Cork Team)