Serialization is an extremely easy and convenient way to get complex states saved on disk or transferred over the network. However, ease brings with it a dark side, dismantling a serialized object can be compared to dismantling a bomb. It has to be done just right or the consequences can be catastrophic.

Serialization is an extremely easy and convenient way to store complex states on disk or transfer them over the network. However, ease of use brings a downside, as unpacking a serialized object is comparable to defusing a bomb. It must be done exactly right, or the consequences can be catastrophic.

Deserialization Attacks

Learn to hack — start here