We may earn an affiliate commission when you visit our partners.
Peter Mosmans

This course will teach you the basics of serialization and deserialization, including serialization file formats, what insecure deserialization is, and how to prevent that type of vulnerability from occurring in your code.

Read more

This course will teach you the basics of serialization and deserialization, including serialization file formats, what insecure deserialization is, and how to prevent that type of vulnerability from occurring in your code.

As a developer, it is important to be familiar with common vulnerabilities that are often encountered in web application. Insecure deserialization is one of those vulnerabilities, ranking 8th in the OWASP Top 10 2017. In this course, Secure Coding: Preventing Insecure Deserialization, you will learn how to properly defend yourself against that particular vulnerability First, you will learn about the basics of serialization and deserialization, and about the various serialization file formats. Next, you will discover what insecure deserialization actually is, and how it can be exploited: In order to fix the problem, you need to know what can go wrong. Finally you will explore how to properly prevent insecure deserialization in any development language or framework. By the end of this course, you will have the secure coding skills and knowledge needed to prevent insecure deserialization vulnerabilities from creeping into your application.

Enroll now

What's inside

Syllabus

Course Overview
What Is Serialization and Deserialization?
Deserialization: How It Can Be Exploited
Insecure Patterns for Deserialization
Read more
How to Securely Implement Deserialization

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Explores insecure deserialization, a vulnerability ranked 8th in the OWASP Top 10 2017
Teaches methods to securely implement deserialization in any development language or framework
Covers various serialization file formats
Taught by Peter Mosmans, an expert in secure coding

Save this course

Save Secure Coding: Preventing Insecure Deserialization to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Coding: Preventing Insecure Deserialization with these activities:
Review OOP Concepts
Ensure a solid foundation in OOP concepts to enhance your understanding of serialization and deserialization.
Show steps
  • Revisit basic OOP concepts such as classes, objects, inheritance, and polymorphism.
  • Review data structures like arrays, lists, and maps, which are essential for serialization.
  • Practice implementing OOP principles in a programming language of your choice.
Compile Deserialization Security Resources
Expand your knowledge base by gathering and organizing resources on deserialization security.
Browse courses on Knowledge Base
Show steps
  • Search for articles, tutorials, and documentation on deserialization security.
  • Bookmark or save relevant resources in a centralized location.
  • Categorize and organize the resources for easy reference in the future.
Read 'Secure Coding: Principles and Practices'
Gain a comprehensive understanding of secure coding practices by reviewing fundamental principles and best practices.
Show steps
  • Read chapters 1-3 to understand the basics of secure coding.
  • Complete the exercises in each chapter to apply the concepts.
  • Take notes and highlight key takeaways for future reference.
Five other activities
Expand to see all activities and additional details
Show all eight activities
Follow OWASP Deserialization Cheat Sheet
Enhance your understanding of deserialization security by exploring the OWASP cheat sheet.
Browse courses on OWASP
Show steps
  • Visit the OWASP website and access the Deserialization Cheat Sheet.
  • Review the guidelines and recommendations provided by OWASP.
  • Identify areas where your application can benefit from implementing the suggestions.
Participate in a Deserialization Security Discussion
Engage with peers to exchange knowledge, share experiences, and reinforce your understanding of deserialization security.
Show steps
  • Join or create a study group or online forum focused on deserialization security.
  • Participate in discussions, ask questions, and share your insights.
  • Collaborate on projects or case studies related to deserialization vulnerability mitigation.
Implement Serialization and Deserialization
Solidify your understanding of serialization and deserialization by implementing them in a practical project.
Browse courses on Serialization
Show steps
  • Choose a programming language and framework of your choice.
  • Design and develop a data model with attributes that need to be serialized and deserialized.
  • Implement serialization and deserialization mechanisms for the data model.
  • Test your implementation with various input data to ensure accuracy.
Design a Secure Deserialization Policy
Develop a strong foundation in deserialization security by creating a comprehensive policy for your organization.
Show steps
  • Research industry best practices and OWASP recommendations for deserialization security.
  • Identify potential vulnerabilities in your application's deserialization mechanisms.
  • Develop a policy that outlines security measures, such as input validation, encryption, and version control.
  • Implement the policy and regularly review its effectiveness.
Build a Deserialization Vulnerability Scanner
Challenge yourself by developing a tool that can identify and mitigate deserialization vulnerabilities.
Browse courses on Vulnerability Scanning
Show steps
  • Research techniques and algorithms for deserialization vulnerability detection.
  • Design and implement the scanner using a programming language of your choice.
  • Test the scanner's effectiveness on various applications and frameworks.
  • Refine and improve the scanner based on testing results.
  • Consider open-sourcing the scanner to benefit the community.

Career center

Learners who complete Secure Coding: Preventing Insecure Deserialization will develop knowledge and skills that may be useful to these careers:
Security Analyst
Security Analysts are responsible for identifying, analyzing, and mitigating computer and network security risks. They develop and implement security policies and procedures, monitor networks for suspicious activity, and respond to security incidents. This course can help Security Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Security Analysts can enhance their ability to keep their organizations secure and compliant.
Software Developer
Software Developers design, develop, and implement software systems. They work with a variety of programming languages and technologies to create applications that meet the needs of users. This course can help Software Developers improve their coding skills and learn how to prevent insecure deserialization vulnerabilities in their code. By taking this course, Software Developers can build more secure and reliable software applications.
Cybersecurity Analyst
Cybersecurity Analysts are responsible for identifying, analyzing, and mitigating cybersecurity risks. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Cybersecurity Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Cybersecurity Analysts can enhance their ability to keep their organizations secure and compliant.
Security Engineer
Security Engineers are responsible for designing, implementing, and maintaining security measures for computer networks and systems. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Security Engineers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Security Engineers can enhance their ability to keep their organizations secure and compliant.
Data Security Analyst
Data Security Analysts are responsible for identifying, analyzing, and mitigating risks to data security. They work with a variety of security technologies and tools to protect data from unauthorized access, theft, and damage. This course can help Data Security Analysts improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data. By taking this course, Data Security Analysts can enhance their ability to keep their organizations secure and compliant.
Network Security Engineer
Network Security Engineers are responsible for designing, implementing, and maintaining security measures for computer networks. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Network Security Engineers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems from attack. By taking this course, Network Security Engineers can enhance their ability to keep their organizations secure and compliant.
Web Developer
Web Developers design, develop, and implement websites and web applications. They work with a variety of programming languages and technologies to create websites that meet the needs of users. This course can help Web Developers improve their coding skills and learn how to prevent insecure deserialization vulnerabilities in their code. By taking this course, Web Developers can build more secure and reliable web applications.
Cloud Security Architect
Cloud Security Architects are responsible for designing, implementing, and maintaining security measures for cloud computing environments. They work with a variety of security technologies and tools to protect data and systems from unauthorized access, theft, and damage. This course can help Cloud Security Architects improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting sensitive data and systems in the cloud. By taking this course, Cloud Security Architects can enhance their ability to keep their organizations secure and compliant.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems and networks. They work with a variety of operating systems and software applications to ensure that systems are running smoothly and securely. This course can help Systems Administrators improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting systems from attack. By taking this course, Systems Administrators can enhance their ability to keep their organizations secure and compliant.
Risk Analyst
Risk Analysts are responsible for identifying, analyzing, and mitigating risks to an organization. They work with a variety of risk management techniques and tools to help organizations make informed decisions about how to manage risk. This course can help Risk Analysts improve their understanding of insecure deserialization and how to prevent it, which is an important skill for assessing and mitigating security risks. By taking this course, Risk Analysts can enhance their ability to keep their organizations secure and compliant.
Chief Information Security Officer
Chief Information Security Officers (CISOs) are responsible for overseeing the security of an organization's information systems. They work with a variety of security professionals to develop and implement security policies and procedures, and to manage security risks. This course can help CISOs improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, CISOs can enhance their ability to keep their organizations secure and compliant.
Information Security Manager
Information Security Managers are responsible for planning, implementing, and managing an organization's information security program. They work with a variety of security professionals to develop and implement security policies and procedures, and to manage security risks. This course can help Information Security Managers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, Information Security Managers can enhance their ability to keep their organizations secure and compliant.
Information Technology Manager
Information Technology Managers are responsible for planning, implementing, and managing an organization's information technology systems. They work with a variety of IT professionals to develop and implement IT policies and procedures, and to manage IT risks. This course can help Information Technology Managers improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting an organization's sensitive data and systems from attack. By taking this course, Information Technology Managers can enhance their ability to keep their organizations secure and compliant.
Computer Scientist
Computer Scientists research and develop new computer hardware and software technologies. They work with a variety of programming languages and technologies to create new ways to solve problems and improve the performance of computers. This course can help Computer Scientists improve their understanding of insecure deserialization and how to prevent it, which is an important skill for developing secure and reliable software. By taking this course, Computer Scientists can enhance their ability to contribute to the field of computer science and create new technologies that benefit society.
Database Administrator
Database Administrators are responsible for managing and maintaining databases. They work with a variety of database technologies to ensure that databases are running smoothly and securely. This course can help Database Administrators improve their understanding of insecure deserialization and how to prevent it, which is a critical skill for protecting databases from attack. By taking this course, Database Administrators can enhance their ability to keep their organizations secure and compliant.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Secure Coding: Preventing Insecure Deserialization.
The authoritative guide to the OWASP Top 10 vulnerabilities, including insecure deserialization.
A comprehensive guide to software security assessment, including a chapter on deserialization vulnerabilities.
A practical guide to secure coding in JavaScript, including best practices for deserialization.
A comprehensive guide to secure coding practices, including a section on deserialization.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Secure Coding: Preventing Insecure Deserialization.
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser