Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?

Applications written ASP.NET can take advantage of the antiforgery middleware to prevent Cross Site Request Forgery attacks. When properly used, this middleware requires requests to include both a cookie and parameter value which must validate together (along with the user’s session) before the request will be processed.

So what exactly is SSRF? How does it work, why is it more prevalent in 2020, and how can we protect against it?

In this article we will address the current situation, how hackers can exploit your websites, what you can do to protect yourself and where AppCheck comes in as an automated penetration testing tool to make sure you’re not leaving yourself vulnerable.