user1514499 - 3 days ago 6
Java Question

Serialization - How to secure a serialized JAVA object?

How can I secure the serialized object if I send the serialized object over the network?
I doubt that hackers may interrupt/hack my data.

Can anyone tell me in detail how to implement this?

Answer

These 2 presentations give ideas on how effectively attackers can tamper with a Java serialized stream:

  1. https://www.owasp.org/images/e/eb/OWASP_IL_2008_Shai_Chen_PT_to_Java_Client_Server_Apps.ppt

  2. http://www.andlabs.org/presentations/Attacking_JAVA_Serialized_Communication-slides.pdf

There is also the risk of injecting unsuspected behavior and injecting code in case a vulnerable class exists on the server's classpath. See this article:

Look-ahead Java deserialization
