Deserialization vulnerabilities are one of the greatest nightmares for application security professionals. These attacks are also increasingly popular among malicious hackers because they are often easy to execute and difficult to prevent.
Oracle’s Q1 2017 Critical Patch Update includes a Java deserialization patch to help address a vulnerability that affects virtually every Java application running on a server that exposes Remote Method Invocation (RMI). That patch, however, relies on the traditional approach to preventing deserialization attacks: filtering the classes that may be deserialized against a list.
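To make the "traditional approach" concrete, here is an added example (not code from the original post or from Waratek) of a list-based serialization filter written against the standard JDK mechanism, `java.io.ObjectInputFilter` (JEP 290, Java 9 and later). The `Greeting` and `NotAllowed` classes are constructed for the example; the filter allows only `Greeting`, classes from the `java.base` module, and a bounded object-graph depth, and rejects everything else.

```java
import java.io.*;

// Type the application legitimately expects on the wire (constructed for this example).
class Greeting implements Serializable {
    private static final long serialVersionUID = 1L;
    final String text;
    Greeting(String text) { this.text = text; }
}

// Stand-in for any type the application does not expect (constructed for this example).
class NotAllowed implements Serializable {
    private static final long serialVersionUID = 1L;
}

public class FilterDemo {
    // Allowlist pattern: our own type, anything in java.base (String, collections, boxed
    // primitives), a maximum nesting depth, and an explicit reject-all for everything else.
    static final ObjectInputFilter FILTER =
        ObjectInputFilter.Config.createFilter("Greeting;java.base/*;maxdepth=5;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // The filter must be installed before readObject(); it is consulted for every
            // class, array and nesting level as the stream is parsed, before any
            // constructor-adjacent code (readObject, readResolve) of that class runs.
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Allowed type: passes the filter and is reconstructed normally.
        Greeting g = (Greeting) deserialize(serialize(new Greeting("hello")));
        System.out.println("accepted: " + g.text);

        // Type not on the list: the stream is rejected before the object is built.
        try {
            deserialize(serialize(new NotAllowed()));
            System.out.println("BUG: NotAllowed was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter syntax can be applied process-wide through the `jdk.serialFilter` system property instead of per stream. The limitation that motivates the rest of this post is visible in the pattern itself: a list-based filter can only distinguish types by name, so it must be maintained as the application's legitimate types change, and any type that is on the list (or in an allowed package) is still deserialized with all of its behaviour.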
Waratek has developed a highly effective, virtualization-based approach that does not rely on blacklisting or whitelisting to prevent these attacks.