Explore deserialization vulnerability remediation techniques and automated gadget chain discovery in this conference talk. Learn about the persistent threat of unsafe deserialization in Java and other languages, despite years of awareness. Dive into a new methodology for automatically finding deserialization gadget chains, allowing security teams to quickly assess and prioritize vulnerabilities. Examine a free, open-source toolkit developed to implement this approach, which has been successfully used to evaluate vulnerabilities in both internal and open-source projects. Gain insights into the inner workings of deserialization vulnerabilities, including magic methods and gadget chains, and understand various remediation options. Discover new gadget chains in popular libraries like Clojure and Scala, and see real-world examples of vulnerability assessments in Netflix internal applications. Conclude with reflections on the emerging field of automatic gadget chain discovery and its implications for application security. Read more