-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insecure deserialization active scanner #4112
Comments
Other projects or info:
|
Another Project that could maybe be ported: |
Has anyone already started to work on this? |
I don't think so. |
I would potentially be interested in this if it's still open? I couldn't find an insecure deserialization rule in the Active Scan docs, but just want to be sure |
This is definitely still available. |
Awesome, will start looking into it |
@ssyms Are you still on this? I would like to look into this. |
@pranavsaxena17 Yes, I've been a bit busy since the New Year but I have done some work on it and would like to finish. |
Id like to start working on this one; any suggestion I'm new to the team Greetings |
Hi Jon, I am done implementing functionality for Java deserialization, just working on adding tests. Maybe you could look into integrating the .NET tool? (https://github.com/pwntester/ysoserial.net) |
I will |
@ssyms @jangelesg how are things going? do you need any help with this issue? |
@ricekot I'm open to this ticket being re-assigned. A lot of personal stuff has come up in the past year and I'm still busy dealing with it. |
As already discussed in #3883, this is now part of the new Top 10 - A8. Could be cool to add such an active scan rule - based on this tool could be a good start for .NET...
The text was updated successfully, but these errors were encountered: