For users of YAWAST / yawast-ng: The project has moved to a new location, and will have a major feature update next week, with plugins, new injection testing, automation & performance improvements, and more.
-
For users of YAWAST / yawast-ng: The project has moved to a new location, and will have a major feature update next week, with plugins, new injection testing, automation & performance improvements, and more. It'll be the biggest release in years. https://github.com/adcaudill/yawast-ng
-
For users of YAWAST / yawast-ng: The project has moved to a new location, and will have a major feature update next week, with plugins, new injection testing, automation & performance improvements, and more. It'll be the biggest release in years. https://github.com/adcaudill/yawast-ng
@adam_caudill The blog on JSON deserialization has a great introduction (and it is linked by NIST) but the last example seems wrong. The constructor code from a custom class definition will not be part of serialized data. It's only existing commonly used classes whose code can be abused on deserializing their instances.
-
R relay@relay.infosec.exchange shared this topic
