on 05-Mar-2018 06:02 - edited on 10-May-2022 14:17 by JRahm
The OWASP Top 10 is a list of the most common security risks on the Internet today. Insecure Deserialization comes in at the #8 spot in the latest edition of the OWASP Top 10. In this video, John discusses this vulnerability and outlines some mitigation steps to make sure your web application stays secure against this threat.
Hi John,
Which setting in the ASM policy needs to be configured to inspect such traffic?
How would ASM protect against such an attack?
Thanks,
Sachin
Hi Sachin...great question! The ASM handles Insecure Deserialization mostly through attack signatures. So, it should catch these attempts as a normal part of the way it functions no matter which type of policy you create. Just make sure the standard attack signatures are enabled (which they are by default on any policy). A few examples of signatures that catch Insecure Deserialization attempts are:
Hope this helps!
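To make the risk behind the video and the thread concrete, here is an added example (written for this note, not code from the video or from F5) showing the application-side mitigation that complements a WAF signature: a Python `pickle` loader that only resolves an allowlisted class. The `Session` class and the sample streams are constructed for the example; `os.getcwd` stands in for whatever callable an untrusted stream might name.

```python
import io
import os
import pickle
from dataclasses import dataclass


@dataclass
class Session:
    """Object the service legitimately serializes (constructed for this example)."""
    user: str
    role: str


# pickle records a class as (module, qualname); map the allowed pairs straight to
# the class object so lookup never goes through __import__ on attacker-chosen names.
ALLOWED = {(cls.__module__, cls.__qualname__): cls for cls in (Session,)}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global reference not in ALLOWED."""

    def find_class(self, module, name):
        try:
            return ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                f"refusing to resolve {module}.{name}: not on allowlist") from None


def unsafe_loads(data: bytes):
    """Vulnerable pattern: plain pickle.loads resolves any global the stream names."""
    return pickle.loads(data)


def safe_loads(data: bytes):
    """Hardened form: same stream format, but class lookup is restricted."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True when the hardened loader refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed inputs: a legitimate object, and a stream that names an arbitrary
# stdlib callable. The plain loader hands back whatever the stream asked for;
# the restricted loader rejects it because the name is not on the allowlist.
LEGIT = pickle.dumps(Session(user="alice", role="reader"))
UNTRUSTED_GLOBAL = pickle.dumps(os.getcwd)
```

Running the two loaders over `UNTRUSTED_GLOBAL` shows the difference: `unsafe_loads` returns the function object named in the stream, while `safe_loads` raises before any lookup happens.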