Publication Date

Spring 2023

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Robert Chun

Second Advisor

Thomas Austin

Third Advisor

Priyam Dhanuka

Keywords

nsecure Deserialization, Security, Vulnerability, OWASP Top 10, Python.

Abstract

The importance of Cyber Security is increasing every single day. From the emergence of new ransomware to major data breaches, the online world is getting dangerous. A multinational non- profit group devoted to online application security is called OWASP, or the Open Web Application Security Project. The OWASP Top 10 is a frequently updated report that highlights the ten most important vulnerabilities to web application security. Among these 10 vulnerabilities, there exists a vulnerability called Software and Data Integrity Failures. A subset of this vulnerability is Insecure Deserialization. An object is transformed into a stream of bytes through the serialization process in order to be stored in memory, a database, or a file. Deserialization is the procedure used to transform bytes of serialized data into readable form. When a website deserializes user- controllable data without any validation, it is known as Insecure Deserialization. An attacker may be able to modify serialized objects in this way to introduce dangerous data into the application code. In this research, we discuss thoroughly Insecure Deserialization in Python and attempt to create an automated scanner for detecting it. We go into detail about the working of Insecure Deserialization and study this vulnerability in different languages such as Java, Python, and PHP. We also talk about various prevention techniques

Share

COinS