Publication Date
Spring 2023
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Robert Chun
Second Advisor
Thomas Austin
Third Advisor
Priyam Dhanuka
Keywords
nsecure Deserialization, Security, Vulnerability, OWASP Top 10, Python.
Abstract
The importance of Cyber Security is increasing every single day. From the emergence of new ransomware to major data breaches, the online world is getting dangerous. A multinational non- profit group devoted to online application security is called OWASP, or the Open Web Application Security Project. The OWASP Top 10 is a frequently updated report that highlights the ten most important vulnerabilities to web application security. Among these 10 vulnerabilities, there exists a vulnerability called Software and Data Integrity Failures. A subset of this vulnerability is Insecure Deserialization. An object is transformed into a stream of bytes through the serialization process in order to be stored in memory, a database, or a file. Deserialization is the procedure used to transform bytes of serialized data into readable form. When a website deserializes user- controllable data without any validation, it is known as Insecure Deserialization. An attacker may be able to modify serialized objects in this way to introduce dangerous data into the application code. In this research, we discuss thoroughly Insecure Deserialization in Python and attempt to create an automated scanner for detecting it. We go into detail about the working of Insecure Deserialization and study this vulnerability in different languages such as Java, Python, and PHP. We also talk about various prevention techniques
Recommended Citation
Verma, Aneesh, "Insecure Deserialization Detection in Python" (2023). Master's Projects. 1270.
DOI: https://doi.org/10.31979/etd.3yzt-6hxp
https://scholarworks.sjsu.edu/etd_projects/1270