PortSwigger Academy Insecure Deserialisation Labs
Introduction
What?
Insecure deserialisation is when user-controllable data is deserialised by a website.
Why?
This potentially enables an attacker to manipulate serialised objects in order to pass harmful data into the application code.
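To make the definition concrete, here is an added example (not code from the labs or from PortSwigger) showing a session object round-tripped through the client, first with no protection and then with an integrity check before deserialisation. The cookie layout, `SECRET_KEY`, the function names and the `username`/`admin` fields are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_unsigned(session: dict) -> str:
    """Weak pattern: the serialised object goes to the client unprotected."""
    return _b64(json.dumps(session, sort_keys=True).encode())

def load_unsigned(cookie: str) -> dict:
    """Weak pattern: deserialise and trust whatever the client sends back."""
    return json.loads(base64.urlsafe_b64decode(cookie))

def issue_signed(session: dict) -> str:
    """Hardened: append an HMAC-SHA256 tag over the serialised bytes."""
    body = json.dumps(session, sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def load_signed(cookie: str) -> dict:
    """Hardened: verify the tag first, then deserialise and check the shape."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong part count or invalid base64
        raise ValueError("malformed cookie") from exc
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    session = json.loads(body)
    # Even authenticated data is checked for the types the application expects.
    if not (isinstance(session, dict) and isinstance(session.get("username"), str)
            and type(session.get("admin")) is bool):
        raise ValueError("unexpected session shape")
    return session

def client_edit(body_b64: str) -> str:
    """Constructed stand-in for a client changing the object it was handed."""
    session = json.loads(base64.urlsafe_b64decode(body_b64))
    session["admin"] = True
    return _b64(json.dumps(session, sort_keys=True).encode())

if __name__ == "__main__":
    original = {"username": "alice", "admin": False}  # constructed sample session
    print(load_unsigned(client_edit(issue_unsigned(original))))  # edited object is accepted
    print(load_signed(issue_signed(original)))                   # untouched signed cookie loads
```

The unsigned loader accepts the edited object as if the server had written it, while the signed loader raises `ValueError` for the same edit because the tag no longer matches the body.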