AppSec USA 2016 has ended
Thursday, October 13 • 3:30pm - 4:30pm
How to Find the Next Great Deserialization CVE

The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an original exploit written for a recently discovered CVE.

The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities.

The talk will also explain the incredible difficulty faced when using traditional appsec defenses (input validation, signaturing) to stop these vulnerabilities, and present free and open source options for builders to protect themselves from such attacks.

Arshan Dabirsiaghi

Chief Scientist, Contrast Security
Arshan is an accomplished security researcher with over 10 years of experience advising large organizations on application security. Prior to Contrast Security, Arshan spent 8 years at Aspect Security in a research role where he used static and dynamic technology to perform security...

Thursday October 13, 2016 3:30pm - 4:30pm EDT
Grand South, Renaissance Washington, DC Downtown Hotel, 999 9th St NW, Washington, DC 20001