insecure-deserialization
Insecure Deserialization (OWASP A08)
Prevent remote code execution and object injection through safe deserialization practices.
When to Use
- Parsing serialized objects from untrusted sources
- Handling session data or cookies
- Processing API payloads with type information
- Working with message queues
- Importing/exporting data
Risk Levels by Language
| Language | Serialization | Risk | Impact |
|---|---|---|---|
| Java | ObjectInputStream | CRITICAL | RCE |
| Python | pickle/marshal | CRITICAL | RCE |
| PHP | unserialize() | CRITICAL | RCE |
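The table marks Python's pickle as critical because an unpickler will resolve and call any importable global the byte stream names. The following Python is an added example for this page, not the skill's own code: it shows the two safe practices the skill recommends, an allow-listed unpickler for legacy data that must stay pickle, and a data-only JSON path with explicit shape checking for new code. The `ALLOWED_GLOBALS` contents, the `Widget` class and the sample payloads are constructed for illustration.

```python
"""Safe deserialization of untrusted bytes (added example, not the skill's code)."""
import collections
import io
import json
import pickle

# (module, name) pairs the unpickler may resolve. Anything not listed,
# whether a stdlib callable or an application class, is refused before
# the object is constructed. Constructed allow-list for this example.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allow-listed globals."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads on data that must stay plain data."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_loads(data: bytes):
    """Return (True, obj) on success or (False, reason) when the stream is refused."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# --- preferred alternative: a data-only format with an explicit shape -------

SESSION_SCHEMA = {"user": str, "roles": list, "expires": int}  # constructed


def load_session_json(raw: bytes) -> dict:
    """Parse a session blob as JSON and enforce the expected keys and types.

    JSON cannot name classes or code, so the problem shrinks from RCE to
    ordinary input validation, which this function performs explicitly.
    """
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) != set(SESSION_SCHEMA):
        raise ValueError("session has unexpected keys")
    for key, typ in SESSION_SCHEMA.items():
        value = obj[key]
        # bool is a subclass of int in Python; reject it for integer fields.
        if not isinstance(value, typ) or (typ is int and isinstance(value, bool)):
            raise ValueError(f"field {key!r} is not {typ.__name__}")
    return obj


class Widget:
    """Hypothetical application class; stands in for any type not on the allow-list."""


# Constructed sample payloads used by the demo below.
def sample_plain_payload() -> bytes:
    return pickle.dumps({"user": "alice", "roles": ["viewer"]})


def sample_allowed_global_payload() -> bytes:
    return pickle.dumps(collections.OrderedDict(a=1, b=2))


def sample_refused_payload() -> bytes:
    return pickle.dumps(Widget())


def sample_session_json() -> bytes:
    return b'{"user": "alice", "roles": ["viewer"], "expires": 1700000000}'


if __name__ == "__main__":
    print(try_restricted_loads(sample_plain_payload()))
    print(try_restricted_loads(sample_allowed_global_payload()))
    print(try_restricted_loads(sample_refused_payload()))
    print(load_session_json(sample_session_json()))
```

`find_class` is the single choke point through which every global in a pickle stream passes, so overriding it gives a complete allow-list; the `OrderedDict` case shows a permitted global restoring normally, while the `Widget` stream is refused before any constructor runs. Treat the allow-list as an interim control: the JSON path is the one to use for new session and API data.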