BEGIN:VCALENDAR
PRODID;X-RICAL-TZSOURCE=TZINFO:-//Calagator//EN
CALSCALE:GREGORIAN
X-WR-CALNAME:Calagator
METHOD:PUBLISH
VERSION:2.0
BEGIN:VTIMEZONE
TZID;X-RICAL-TZSOURCE=TZINFO:America/Los_Angeles
BEGIN:DAYLIGHT
DTSTART:20180311T020000
RDATE:20180311T020000
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
CREATED;VALUE=DATE-TIME:20180514T113151Z
DTEND;TZID=America/Los_Angeles;VALUE=DATE-TIME:20180515T200000
DTSTART;TZID=America/Los_Angeles;VALUE=DATE-TIME:20180515T190000
DTSTAMP;VALUE=DATE-TIME:20180514T113151Z
LAST-MODIFIED;VALUE=DATE-TIME:20180514T113151Z
UID:http://calagator.org/events/1250473733
DESCRIPTION:Insecure deserialization is one of the most critical web appl
 ication security risks\, yet it is by no means a new vulnerability categ
 ory. Data serialization and deserialization have been used widely in app
 lications\, services and frameworks\, with many programming languages su
 pporting them natively. Deserialization got more attention recently as a
  potential vehicle to conduct several types of attacks: data tampering\,
  authentication bypass\, privilege escalation\, various injections and\,
  finally\, remote code execution. Two recent vulnerabilities in Apache C
 ommons and Apache Struts\, both allowing remote code execution\, helped 
 raise awareness of this risk. We will discuss how data serialization and
  deserialization are used in software\, the dangers of deserializing unt
 rusted input\, and how to avoid insecure deserialization vulnerabilities
 . Speaker: Alexei Kojenov (https://twitter.com/kojenov) is a Senior Appl
 ication Security Consultant with years of prior software development exp
 erience. During his career with IBM\, he gradually moved from writing co
 de to breaking code. Since late 2016\, Alexei has been working as a cons
 ultant at Aspect Security\, helping businesses identify and fix vulnerab
 ilities and design secure applications. Aspect Security was recently acq
 uired by Ernst&amp\;Young and joined EY Advisory cybersecurity practice.
 \n\nTags: meetup:event=250603125\, meetup:group=PDXJUG\, java\, open sou
 rce\, software development\, web development\, computer programming\, jv
 m languages\n\nImported from: http://calagator.org/events/1250473733
URL:https://www.meetup.com/PDXJUG/events/250603125/
SUMMARY:Portland Java User Group (PJUG) - How to Protect against Deserial
 ization Attacks
LOCATION:Oracle Portland: 1211 SW 5th Ave #800\, Portland OR 97204 us
SEQUENCE:1
END:VEVENT
END:VCALENDAR