publication . Article . Other literature type . Preprint . 2019

[Preprint] ObjectMap: Detecting Insecure Object Deserialization

Koutroumpouchos Nikolaos; Lavdanis Georgios; Eleni, Veroni; Ntantogian Christoforos; Xenakis Christos
Open Access English
  • Published: 29 Nov 2019
  • Publisher: Zenodo
Abstract
In recent years there has been a surge of serialization-based vulnerabilities in web applications, which have led to serious incidents exposing the private data of millions of individuals. Although there have been some efforts to address this problem, there is still no unified solution able to detect implementation-agnostic vulnerabilities. We aim to fill this gap by proposing ObjectMap, an extendable tool for the detection of deserialization and object injection vulnerabilities in Java- and PHP-based web applications. Furthermore, we also introduce the first deserialization test environment, which can be used to test deserialization vulnerability detection tools...
Subjects
free text keywords: insecure deserialization, web application, security, vulnerability scanner
Funded by
EC | INCOGNITO
Project: INCOGNITO (IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services)
  • Funder: European Commission (EC)
  • Project Code: 824015
  • Funding stream: H2020 | MSCA-RISE
  • Validated by funder
EC | FutureTPM
Project: FutureTPM (Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module)
  • Funder: European Commission (EC)
  • Project Code: 779391
  • Funding stream: H2020 | RIA
  • Validated by funder
EC | SECONDO
Project: SECONDO (a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era)
  • Funder: European Commission (EC)
  • Project Code: 823997
  • Funding stream: H2020 | MSCA-RISE
EC | CUREX
Project: CUREX (seCUre and pRivate hEalth data eXchange)
  • Funder: European Commission (EC)
  • Project Code: 826404
  • Funding stream: H2020 | RIA