Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Lightboard Lessons: OWASP Top 10 - Insecure Deserialization

ltwagnon
Legacy Employee
Legacy Employee

on ‎05-Mar-2018 06:02 - edited on ‎10-May-2022 14:17 by Community Manager

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Insecure Deserialization comes in at the #8 spot in the latest edition of the OWASP Top 10.  In this video, John discusses this vulnerability and outlines some mitigation steps to make sure your web application stays secure against this threat.

 

 

Related Resources:

Labels:
0 Kudos
Comments
sachin_80710
Nimbostratus
Nimbostratus
‎05-Mar-2018 20:26

Hi John,

 

Which setting in ASM policy need to be configured to inspect such traffic?

 

How ASM would protect against such attack ?

 

 

Thanks,

 

Sachin

 

0 Kudos
ltwagnon
Legacy Employee
Legacy Employee
‎20-Apr-2018 08:37

Hi sachin...great question! The ASM handles Insecure Deserialization mostly through attack signatures. So, it should catch these attempts as a normal part of the way it functions no matter which type of policy you create. Just make sure the standard attack signatures are enabled (which they are by default on any policy). A few examples of signatures that catch Insecure Deserialization attempts are:

 

  • 200004188 PHP object serialization injection attempt (Parameter)
  • 200003425 Java Base64 serialized object - java/lang/Runtime (Parameter)
  • 200004282 Node.js Serialized Object Remote Code Execution (Parameter)

Hope this helps!

 

0 Kudos
Version history
Last update:
‎10-May-2022 14:17
Updated by:
Community Manager
Contributors
Copyright © 2023 Khoros, LLC