Lightboard Lessons: OWASP Top 10 - Insecure Deserialization
The OWASP Top 10 is a list of the most common security risks on the Internet today. Insecure Deserialization comes in at the #8 spot in the latest edition of the OWASP Top 10. In this video, John d...
Updated May 10, 2022
Version 2.0
ltwagnon, Ret. Employee (joined May 15, 2019)
ltwagnon (Ret. Employee), Apr 20, 2018:
Hi Sachin... great question! The ASM handles Insecure Deserialization mostly through attack signatures. So, it should catch these attempts as a normal part of the way it functions no matter which type of policy you create. Just make sure the standard attack signatures are enabled (which they are by default on any policy). A few examples of signatures that catch Insecure Deserialization attempts are:
- 200004188 PHP object serialization injection attempt (Parameter)
- 200003425 Java Base64 serialized object - java/lang/Runtime (Parameter)
- 200004282 Node.js Serialized Object Remote Code Execution (Parameter)
Hope this helps!
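As an added illustration, not part of the original post and not F5's code: the three signature families named in the answer above each key on a tell-tale marker that a serialized object leaves in a request parameter. The Python below implements that style of check on its own: it looks through URL-encoding and base64 (the layers these payloads usually travel in), then matches the PHP `O:<len>:"Class":` object prefix, the base64-encoded Java stream magic `0xACED0005` (which always encodes to `rO0AB`) followed by a `java/lang/Runtime` reference in the decoded bytes, and the `_$$ND_FUNC$$_` marker that node-serialize evaluates on unserialize(). The regular expressions are approximations written for this page, not ASM's actual signature definitions, and the sample parameters are constructed, not captured traffic.

```python
"""Signature-style detection of serialized-object payloads in request parameters.

Illustrative approximation of the three signature families discussed above
(PHP, Java, Node.js). Not F5 ASM's signature content; samples are constructed.
"""
import base64
import binascii
import re
from urllib.parse import unquote_plus

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"   # ObjectOutputStream STREAM_MAGIC + STREAM_VERSION
JAVA_MAGIC_B64_RE = re.compile(r"rO0AB[A-Za-z0-9+/=_-]*")  # base64 of the magic, then the rest of the blob

# PHP serialize() writes objects as O:<name-len>:"<ClassName>":<prop-count>:{...}
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')
# node-serialize prefixes serialized functions with this marker and eval()s them on unserialize()
NODE_FUNC_MARKER = "_$$ND_FUNC$$_"


def _decode_layers(value: str) -> list:
    """The encodings a scanner must look through: as received, then URL-decoded if that changes it."""
    layers = [value]
    decoded = unquote_plus(value)
    if decoded != value:
        layers.append(decoded)
    return layers


def _try_base64(text: str):
    """Lenient base64 decode (fix padding, accept URL-safe alphabet); None if it is not base64."""
    stripped = re.sub(r"\s+", "", text)
    if len(stripped) < 8 or not re.fullmatch(r"[A-Za-z0-9+/_-]+=*", stripped):
        return None
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(padded.replace("-", "+").replace("_", "/"))
    except (binascii.Error, ValueError):
        return None


def scan_parameter(value: str) -> list:
    """Return the signature families (sorted, de-duplicated) that match one parameter value."""
    hits = set()
    for layer in _decode_layers(value):
        if PHP_OBJECT_RE.search(layer):
            hits.add("PHP object serialization injection attempt")
        if NODE_FUNC_MARKER in layer:
            hits.add("Node.js Serialized Object Remote Code Execution")
        # Java: the cheap prefix check first; only then decode and look for the class reference
        m = JAVA_MAGIC_B64_RE.search(layer)
        if m:
            blob = _try_base64(m.group(0))
            if blob and blob.startswith(JAVA_STREAM_MAGIC) and b"java/lang/Runtime" in blob:
                hits.add("Java Base64 serialized object - java/lang/Runtime")
    return sorted(hits)


def scan_request(params: dict) -> dict:
    """Scan every parameter of a request; returns only the parameters that triggered something."""
    return {name: hits for name, value in params.items() if (hits := scan_parameter(value))}


def _fake_java_stream() -> bytes:
    # Constructed stand-in for a serialized gadget chain: the real stream header followed by bytes
    # that carry a constant-pool style "java/lang/Runtime" reference, as payloads embedding class
    # files do. It exercises the check; it is not a working deserialization payload.
    return JAVA_STREAM_MAGIC + b"\x73\x72\x00\x11java/lang/Runtime" + b"\x00" * 8


# Constructed sample parameter values (hypothetical, not real traffic)
SAMPLE_PARAMETERS = {
    "php_cookie": 'O:8:"stdClass":1:{s:3:"cmd";s:2:"id";}',
    "php_urlenc": "O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A3%3A%22cmd%22%3Bs%3A2%3A%22id%22%3B%7D",
    "java_b64": base64.b64encode(_fake_java_stream()).decode(),
    "node_json": '{"rce":"_$$ND_FUNC$$_function(){require(\'child_process\').exec(\'id\')}()"}',
    "benign_name": "alice",
    "benign_b64": base64.b64encode(b"hello world, just a token").decode(),
    "benign_json": '{"id":5,"name":"O:Neil"}',
}


if __name__ == "__main__":
    for name, hits in scan_request(SAMPLE_PARAMETERS).items():
        print(f"{name}: {', '.join(hits)}")
```

The Java branch deliberately decodes only after the `rO0AB` prefix is seen, which keeps the expensive work off benign base64 tokens; the same idea is why signature engines pair a cheap literal with a deeper check. Note that a scanner of this shape is a stopgap: it catches the common wire formats, but an application that hands attacker-controlled bytes to a native deserializer is still vulnerable to any encoding or gadget the patterns do not anticipate, so fixing the code path (or using a format that cannot instantiate arbitrary classes) remains the real remedy.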