Secure Coding: Preventing Insecure Deserialization from Pluralsight

This course will teach you the basics of serialization and deserialization, including serialization file formats, what insecure deserialization is, and how to prevent that type of vulnerability from occurring in your code.

As a developer, it is important to be familiar with common vulnerabilities that are often encountered in web application. Insecure deserialization is one of those vulnerabilities, ranking 8th in the OWASP Top 10 2017. In this course, Secure Coding: Preventing Insecure Deserialization, you will learn how to properly defend yourself against that particular vulnerability First, you will learn about the basics of serialization and deserialization, and about the various serialization file formats. Next, you will discover what insecure deserialization actually is, and how it can be exploited: In order to fix the problem, you need to know what can go wrong. Finally you will explore how to properly prevent insecure deserialization in any development language or framework. By the end of this course, you will have the secure coding skills and knowledge needed to prevent insecure deserialization vulnerabilities from creeping into your application.

What's inside

Syllabus

Course Overview

What Is Serialization and Deserialization?

Deserialization: How It Can Be Exploited

Insecure Patterns for Deserialization

How to Securely Implement Deserialization

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Explores insecure deserialization, a vulnerability ranked 8th in the OWASP Top 10 2017

Teaches methods to securely implement deserialization in any development language or framework

Covers various serialization file formats

Taught by Peter Mosmans, an expert in secure coding

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Coding: Preventing Insecure Deserialization with these activities:

Review OOP Concepts

Show steps

Ensure a solid foundation in OOP concepts to enhance your understanding of serialization and deserialization.

Browse courses on Object-Oriented Programming

Show steps

Revisit basic OOP concepts such as classes, objects, inheritance, and polymorphism.
Review data structures like arrays, lists, and maps, which are essential for serialization.
Practice implementing OOP principles in a programming language of your choice.

Compile Deserialization Security Resources

Show steps

Expand your knowledge base by gathering and organizing resources on deserialization security.

Browse courses on Knowledge Base

Show steps

Search for articles, tutorials, and documentation on deserialization security.
Bookmark or save relevant resources in a centralized location.
Categorize and organize the resources for easy reference in the future.

Read 'Secure Coding: Principles and Practices'

Show steps

Gain a comprehensive understanding of secure coding practices by reviewing fundamental principles and best practices.

View Building Secure Software: How to Avoid Security... on Amazon

Show steps

Read chapters 1-3 to understand the basics of secure coding.
Complete the exercises in each chapter to apply the concepts.
Take notes and highlight key takeaways for future reference.

Five other activities

Expand to see all activities and additional details

Show all eight activities

Follow OWASP Deserialization Cheat Sheet

Show steps

Enhance your understanding of deserialization security by exploring the OWASP cheat sheet.

Browse courses on OWASP

Show steps

Visit the OWASP website and access the Deserialization Cheat Sheet.
Review the guidelines and recommendations provided by OWASP.
Identify areas where your application can benefit from implementing the suggestions.

Participate in a Deserialization Security Discussion

Show steps

Engage with peers to exchange knowledge, share experiences, and reinforce your understanding of deserialization security.

Show steps

Join or create a study group or online forum focused on deserialization security.
Participate in discussions, ask questions, and share your insights.
Collaborate on projects or case studies related to deserialization vulnerability mitigation.

Implement Serialization and Deserialization

Show steps

Solidify your understanding of serialization and deserialization by implementing them in a practical project.

Browse courses on Serialization

Show steps

Choose a programming language and framework of your choice.
Design and develop a data model with attributes that need to be serialized and deserialized.
Implement serialization and deserialization mechanisms for the data model.
Test your implementation with various input data to ensure accuracy.

Design a Secure Deserialization Policy

Show steps

Develop a strong foundation in deserialization security by creating a comprehensive policy for your organization.

Show steps

Research industry best practices and OWASP recommendations for deserialization security.
Identify potential vulnerabilities in your application's deserialization mechanisms.
Develop a policy that outlines security measures, such as input validation, encryption, and version control.
Implement the policy and regularly review its effectiveness.

Build a Deserialization Vulnerability Scanner

Show steps

Challenge yourself by developing a tool that can identify and mitigate deserialization vulnerabilities.

Browse courses on Vulnerability Scanning

Show steps

Research techniques and algorithms for deserialization vulnerability detection.
Design and implement the scanner using a programming language of your choice.
Test the scanner's effectiveness on various applications and frameworks.
Refine and improve the scanner based on testing results.
Consider open-sourcing the scanner to benefit the community.

Career center

Learners who complete Secure Coding: Preventing Insecure Deserialization will develop knowledge and skills that may be useful to these careers:

Security Analyst

Security Analysts are responsible for identifying, analyzing, and mitigating computer and network security risks. They develop and implement security policies and procedures, monitor networks for suspicious activity, and respond to security incidents. This course can help Security Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Security Analysts can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Security Analyst

Software Developer

Software Developers design, develop, and implement software systems. They work with a variety of programming languages and technologies to create applications that meet the needs of users. This course can help Software Developers improve their coding skills and learn how to prevent insecure deserialization vulnerabilities in their code. By taking this course, Software Developers can build more secure and reliable software applications.

See salaries and explore the career path for Software Developer

Cybersecurity Analyst

Cybersecurity Analysts are responsible for identifying, analyzing, and mitigating cybersecurity risks. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Cybersecurity Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Cybersecurity Analysts can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Cybersecurity Analyst

Security Engineer

Security Engineers are responsible for designing, implementing, and maintaining security measures for computer networks and systems. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Security Engineers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Security Engineers can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Security Engineer

Data Security Analyst

Data Security Analysts are responsible for identifying, analyzing, and mitigating risks to data security. They work with a variety of security technologies and tools to protect data from unauthorized access, theft, and damage. This course can help Data Security Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data. By taking this course, Data Security Analysts can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Data Security Analyst

Network Security Engineer

Network Security Engineers are responsible for designing, implementing, and maintaining security measures for computer networks. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Network Security Engineers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Network Security Engineers can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Network Security Engineer

Web Developer

Web Developers design, develop, and implement websites and web applications. They work with a variety of programming languages and technologies to create websites that meet the needs of users. This course can help Web Developers improve their coding skills and learn how to prevent insecure deserialization vulnerabilities in their code. By taking this course, Web Developers can build more secure and reliable web applications.

See salaries and explore the career path for Web Developer

Cloud Security Architect

Cloud Security Architects are responsible for designing, implementing, and maintaining security measures for cloud computing environments. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Cloud Security Architects improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems in the cloud. By taking this course, Cloud Security Architects can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Cloud Security Architect

Systems Administrator

Systems Administrators are responsible for managing and maintaining computer systems and networks. They work with a variety of operating systems and software applications to ensure that systems are running smoothly and securely. This course can help Systems Administrators improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting systems from attack. By taking this course, Systems Administrators can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Systems Administrator

Risk Analyst

Risk Analysts are responsible for identifying, analyzing, and mitigating risks to an organization. They work with a variety of risk management techniques and tools to help organizations make informed decisions about how to manage risk. This course can help Risk Analysts improve their understanding of insecure deserialization and how to prevent it, which is an important skill for assessing and mitigating security risks. By taking this course, Risk Analysts can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Risk Analyst

Chief Information Security Officer

Chief Information Security Officers (CISOs) are responsible for overseeing the security of an organization's information systems. They work with a variety of security professionals to develop and implement security policies and procedures, and to manage security risks. This course can help CISOs improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, CISOs can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Chief Information Security Officer

Information Security Manager

Information Security Managers are responsible for planning, implementing, and managing an organization's information security program. They work with a variety of security professionals to develop and implement security policies and procedures, and to manage security risks. This course can help Information Security Managers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, Information Security Managers can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Information Security Manager

Information Technology Manager

Information Technology Managers are responsible for planning, implementing, and managing an organization's information technology systems. They work with a variety of IT professionals to develop and implement IT policies and procedures, and to manage IT risks. This course can help Information Technology Managers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, Information Technology Managers can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Information Technology Manager

Computer Scientist

Computer Scientists research and develop new computer hardware and software technologies. They work with a variety of programming languages and technologies to create new ways to solve problems and improve the performance of computers. This course can help Computer Scientists improve their understanding of insecure deserialization and how to prevent it, which is an important skill for developing secure and reliable software. By taking this course, Computer Scientists can enhance their ability to contribute to the field of computer science and create new technologies that benefit society.

See salaries and explore the career path for Computer Scientist

Database Administrator

Database Administrators are responsible for managing and maintaining databases. They work with a variety of database technologies to ensure that databases are running smoothly and securely. This course can help Database Administrators improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting databases from attack. By taking this course, Database Administrators can enhance their ability to keep their organizations secure and compliant.

See salaries and explore the career path for Database Administrator