How to find a potential JSON Java deserialization code vulnerability with a whitebox approach in web server source code?

I would like to know a somewhat general approach for white box vulnerability scanning, mainly focused around Java deserialization code bugs that could lead to RCEs (Remote Code Execution following deserialization).
So far, my current strat…