# Deserialization

## Description
Insecure deserialization vulnerabilities occur when untrusted data is used to abuse the logic of an application, inflict a denial of service attack, or execute arbitrary code upon deserialization. This is particularly dangerous in applications that serialize and deserialize objects.

## Common Attack Vectors
- Cookie values
- API requests (JSON, XML, YAML)
- Session data
- Cached data
- Message queues
- File uploads

## Testing Approach
Submit serialized objects with malicious payloads to test if the application deserializes untrusted data without proper validation.

## Payloads
See `deserialization-payloads.txt` for a comprehensive list of deserialization attack payloads.