Skip to content

Developer's guide to Deserialization Attacks

Photo of
Hosted By
Kirk J. and 2 others


Howdy! It's time for our bi-monthly OWASP Wellington meetup, and this time we've got a great talk from Felix Shi about deserialisation attacks.

This talk is friendly for newcomers, and is suitable for any web developers to attend. If you'd like to learn more about what deserialisation is, and how it can cause issues, then please come along!

We're having the meetup at Aura again, make sure you check the location.

Please arrive at 5:45pm for a 6pm start.


Felix Shi - Developer's guide to Deserialization Attacks


A beginner friendly talk on deserialization attacks, targeted towards webapp devs and QA engineers. Heavy emphasis on explaining the attack vectors, the technical/business impact, and how to test for it.

There will be demos in some popular languages/frameworks - namely Python, Java, and C#.

Speaker Bio

Felix works in the security space at an online accounting software company named Xero. He joined in 2014 and his day job involves securing and breaking internally developed products. Before Xero he spent his previous years as a developer, and has been dabbling in the information security scene in Wellington.


We attempt to livestream and record our meetup talks and make them available on the OWASP Wellington playlist:

All going well, we will have a livestream of Felix's talk at this url:

The recording will be available at the above link.
Aura Information Security
Level 2, 117 Lambton Quay · Wellington
Google map of the user's next upcoming event's location