Secure Coding in Java Serialization

Our secure coding training courses help developers establish a security mindset and prevent them from making secure coding errors that lead to deploying vulnerable systems. The one-day instructor-led Java Serialization course provides developers with practical guidance for securely implementing Java serialization. Serialization is widely used both directly by applications and indirectly by Java subsystems such as RMI (Remote Method Invocation), JMX (Java Management Extension), and JMS (Java Messaging System). Java deserialization is an insecure language feature included in the OWASP Top 10 Application Security Risks – 2017. Deserialization of untrusted streams can result in remote code execution (RCE), denial-of- service (DoS), and a range of other exploits. Applications can be vulnerable to these attacks even when no coding defects are present. This course explains and demonstrates these attacks while showing developers how to securely code their systems to support Java serialization. Developers will learn how Java serialization/ deserialization works under the covers, how to determine if your systems are vulnerable to Java deserialization exploits, and how to securely implement Java Serialization. The course consists of lecture (40%), demonstrations (30%), and labs (30%). Participants should come away from the course with a working knowledge of Java Serialization. Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.