Serial Killer Silently Pwning Your Java Endpoints
OWASPBNL_Java_Deserialization
How did vendors handle this recently?

| Vendor / Product | Type of Protection |
| --- | --- |
| Atlassian Bamboo | Removed Usage of Serialization |
| Apache ActiveMQ | LAOIS Whitelist |
| Apache Batchee | LAOIS Blacklist + optional Whitelist |
| Apache JCS | LAOIS Blacklist + optional Whitelist |
| Apache openjpa | LAOIS Blacklist + optional Whitelist |
| Apache Owb | LAOIS Blacklist + optional Whitelist |
| Apache TomEE | LAOIS Blacklist + optional Whitelist |
| ********** (still to be fixed) | LAOIS Blacklist |
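
The difference between the "LAOIS Whitelist" and "LAOIS Blacklist + optional Whitelist" rows, as an added example (not code from the slides or from any listed project): a look-ahead ObjectInputStream that filters class names in `resolveClass()`. The class names `LookAheadDemo` and `LookAheadObjectInputStream`, the blacklist entry `com.example.KnownGadget`, and the sample input are assumptions made for illustration.

```java
import java.io.*;
import java.util.Collections;
import java.util.Date;
import java.util.Set;

public class LookAheadDemo {

    // Checks each class name in resolveClass(), i.e. before the class is
    // loaded and before any of its readObject() logic can run.
    static class LookAheadObjectInputStream extends ObjectInputStream {
        private final Set<String> whitelist; // null = no whitelist configured
        private final Set<String> blacklist;

        LookAheadObjectInputStream(InputStream in, Set<String> whitelist,
                                   Set<String> blacklist) throws IOException {
            super(in);
            this.whitelist = whitelist;
            this.blacklist = blacklist;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            boolean denied = blacklist.contains(name)
                    || (whitelist != null && !whitelist.contains(name));
            if (denied) {
                throw new InvalidClassException(name, "rejected by look-ahead filter");
            }
            return super.resolveClass(desc);
        }
    }

    static String tryRead(byte[] data, Set<String> whitelist, Set<String> blacklist) {
        try (ObjectInputStream in = new LookAheadObjectInputStream(
                new ByteArrayInputStream(data), whitelist, blacklist)) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a Date stands in for a class the endpoint never expects.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new Date(0L));
        }
        byte[] data = bos.toByteArray();
        Set<String> blacklist = Collections.singleton("com.example.KnownGadget"); // hypothetical
        System.out.println(tryRead(data, null, blacklist)); // blacklist only
        System.out.println(tryRead(data, Collections.singleton("java.lang.String"), blacklist));
    }
}
```

With only the blacklist configured, the unexpected `java.util.Date` is deserialized because it is not on the list; once the optional whitelist is set, the same stream is rejected before the class is resolved.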