🛠️ Insecure deserialization
Many web applications store or exchange data in a serialized form (a cookie, a hidden form field, a message to another service) and deserialize it when it comes back. An application is vulnerable to insecure deserialization when it deserializes user-controlled input without first verifying and sanitizing it; depending on the language and the classes reachable at load time, the result can be DoS (Denial of Service), RCE (Remote Code Execution), logic bugs and so on.
Testers need to identify which inputs are serialized (cookies, hidden inputs in forms) and which server-side language is in use: Python, Java, Ruby, PHP.
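As an added example (not taken from this page), here is a Python session cookie handled three ways: the vulnerable `pickle.loads` pattern, a restricted unpickler that refuses to resolve any global, and the preferred replacement, a data-only JSON cookie with an HMAC and an explicit schema check. The `Booby` class, `_side_effect`, the cookie values and the `SECRET` are all constructed for the demo; `_side_effect` stands in for arbitrary code and only records that it ran. A small `fingerprint` helper covers the identification step mentioned above, using the well-known leading bytes of Python pickle, Java serialization and PHP `serialize()` output.

```python
"""Added example: one session cookie, deserialized insecurely and then safely.
All names, values and the secret below are constructed for the demo."""
import base64
import hashlib
import hmac
import io
import json
import pickle

EXECUTED = []  # records side effects that happened purely because data was deserialized


def _side_effect(tag):
    """Benign stand-in for whatever callable a hostile stream names."""
    EXECUTED.append(tag)
    return tag


class Booby:
    """Constructed class whose pickled form instructs the loader to call _side_effect."""

    def __reduce__(self):
        return (_side_effect, ("ran-on-load",))


def make_pickle_cookie(obj):
    return base64.b64encode(pickle.dumps(obj)).decode()


# 1. VULNERABLE: pickle.loads on user-controlled bytes invokes whatever callable the stream names.
def load_pickle_cookie_insecure(cookie):
    return pickle.loads(base64.b64decode(cookie))


# 2. STOPGAP: keep pickle but refuse to resolve any global, so no callable is reachable.
#    Plain containers, strings and numbers never need find_class, so they still load.
class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_pickle_cookie_restricted(cookie):
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(cookie))).load()


# 3. PREFERRED: a data-only format, integrity-protected and validated against a fixed shape.
SECRET = b"constructed-demo-secret"  # assumption: comes from a secrets store in real code


def sign_cookie(data):
    body = base64.urlsafe_b64encode(json.dumps(data, separators=(",", ":")).encode())
    mac = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac


def verify_cookie(cookie):
    body, _, mac = cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    data = json.loads(base64.urlsafe_b64decode(body))
    # Validate the shape explicitly: exactly these keys, these types, these values.
    if (not isinstance(data, dict) or set(data) != {"user", "role"}
            or not isinstance(data["user"], str) or data["role"] not in ("user", "admin")):
        raise ValueError("unexpected structure")
    return data


# Identification aid: leading bytes of common serialization formats (base64 or raw).
def fingerprint(cookie):
    try:
        raw = base64.b64decode(cookie, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        raw = cookie.encode()
    if len(raw) > 1 and raw[0] == 0x80 and 2 <= raw[1] <= 5:
        return "python-pickle"
    if raw.startswith(b"\xac\xed\x00\x05"):
        return "java-serialized"
    if raw[:2] in (b"a:", b"O:", b"s:", b"i:"):
        return "php-serialize"
    return "unknown"


def demo():
    """Runs the three loaders on a booby-trapped cookie and checks a tampered signed cookie."""
    results = {}
    trap = make_pickle_cookie(Booby())
    EXECUTED.clear()
    load_pickle_cookie_insecure(trap)
    results["insecure_ran_code"] = EXECUTED == ["ran-on-load"]
    EXECUTED.clear()
    try:
        load_pickle_cookie_restricted(trap)
        results["restricted_rejected"] = False
    except pickle.UnpicklingError:
        results["restricted_rejected"] = EXECUTED == []
    results["restricted_loads_plain_data"] = (
        load_pickle_cookie_restricted(make_pickle_cookie({"user": "alice"})) == {"user": "alice"})
    signed = sign_cookie({"user": "alice", "role": "user"})
    results["signed_roundtrip"] = verify_cookie(signed) == {"user": "alice", "role": "user"}
    forged_body = sign_cookie({"user": "alice", "role": "admin"}).split(".")[0]
    try:
        verify_cookie(forged_body + "." + signed.split(".")[1])
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The restricted unpickler is only a stopgap: the Python documentation itself states that `pickle` is not secure against untrusted data, and an allow-list of globals is easy to get wrong. The durable fix is the third variant, where the format cannot express code at all, the cookie is rejected on any signature mismatch before it is parsed, and the parsed value is checked against the exact structure the application expects.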
🛠️ Add some examples ?