Select Reports > Portal > Repository > Standard Content > OWASP > A 8 - Insecure Deserialization.
Insecure deserialization, also called untrusted deserialization, lets malicious users supply untrusted data that, when it is deserialized, abuses the logic of an application, initiates denial-of-service or injection attacks, or executes harmful code. Such a user could even replace a serialized object with an object of a different class. Deserialization is a common process in which a website or application takes data from a file, stream, or network and rebuilds it into an object. The serialized objects might be represented in JSON, XML, or YAML.
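The class-substitution risk described above, shown from the defensive side as an added example (it is not part of the original documentation or of the product): a Python deserializer that rebuilds an object from untrusted JSON only when its type tag is on an allow-list and its fields match the expected class. The envelope format, the class names, and the size cap are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, fields

MAX_BYTES = 4096  # assumed size cap; bounds parser work on hostile input

@dataclass(frozen=True)
class Profile:            # hypothetical class this endpoint expects
    user: str
    theme: str

@dataclass(frozen=True)
class AdminGrant:         # hypothetical class that exists in the app but is never accepted here
    user: str
    level: int

# Allow-list of type tags; AdminGrant is deliberately absent.
ALLOWED = {"Profile": Profile}

# Constructed sample inputs (not taken from any real system).
GOOD = b'{"type": "Profile", "data": {"user": "alice", "theme": "dark"}}'
SWAPPED = b'{"type": "AdminGrant", "data": {"user": "alice", "level": 9}}'

class RejectedPayload(ValueError):
    """Raised for any input that fails validation; nothing is instantiated."""

def load_object(raw: bytes):
    """Rebuild an object from an untrusted envelope {"type": ..., "data": {...}}."""
    if len(raw) > MAX_BYTES:
        raise RejectedPayload("payload too large")
    try:
        doc = json.loads(raw)
    except (ValueError, RecursionError) as exc:  # malformed or deeply nested input
        raise RejectedPayload("not valid JSON") from exc
    if not isinstance(doc, dict) or set(doc) != {"type", "data"}:
        raise RejectedPayload("unexpected envelope")
    cls = ALLOWED.get(doc["type"]) if isinstance(doc["type"], str) else None
    if cls is None:
        raise RejectedPayload(f"type not allowed: {doc['type']!r}")
    data = doc["data"]
    expected = {f.name: f.type for f in fields(cls)}
    if not isinstance(data, dict) or set(data) != set(expected):
        raise RejectedPayload("unexpected fields")
    for name, typ in expected.items():
        if type(data[name]) is not typ:  # exact match, so bool is not accepted as int
            raise RejectedPayload(f"wrong type for field {name!r}")
    return cls(**data)

if __name__ == "__main__":
    print(load_object(GOOD))
```

The sender never chooses which class is instantiated: an unknown tag, an extra field, or a wrong field type is rejected before any object is built.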
To check for deserialization vulnerabilities, use the following report and dashboard:
Lists the hosts with the most deserialization flaws.
Provides charts and a table to help you identify the top hosts, deserialization flaws, and flaws found over time. You can view the flaws by agent severity and risk indicator.