Protect against insecure deserialization (8.2)

Updated on May 3, 2021

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by providing filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page, as shown in the following figure.

[Figure: Deserialization Blacklist landing page]

For more information, see Configuring the deserialization filter.
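The blacklist-style filter described above works on the same principle as the JDK's own ObjectInputFilter (JEP 290, Java 9 and later): the filter inspects each class name, array length and graph depth in the stream and rejects the stream before any suspect class is resolved or its readObject logic runs. The following is an added illustration of that mechanism, not Pega's own implementation or configuration; the nested Suspect class and the pattern string are constructed for the demo.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

// Added example (not Pega's code): a deserialization blacklist using the JDK's
// ObjectInputFilter. Patterns are evaluated left to right; "!" rejects a match,
// and the trailing "*" allows everything not rejected earlier.
public class DeserializationBlacklistDemo {

    // Constructed "suspect" class standing in for a blacklisted gadget type.
    static class Suspect implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Reject the blacklisted class by its binary name, cap graph depth and
    // array size (a cheap guard against resource-exhaustion streams), allow the rest.
    static final ObjectInputFilter BLACKLIST = ObjectInputFilter.Config.createFilter(
            "!DeserializationBlacklistDemo$Suspect;maxdepth=10;maxarray=1000;*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // The filter is consulted for every class descriptor before it is resolved.
            ois.setObjectInputFilter(BLACKLIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> allowed = new ArrayList<>(List.of("order-42"));
        System.out.println("allowed: " + deserialize(serialize(allowed)));

        // The blacklisted class is rejected with InvalidClassException
        // ("filter status: REJECTED") before any of its code executes.
        try {
            deserialize(serialize(new Suspect()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter that rejects only known-bad names is only as good as its list; where the set of expected types is known, an allow-list pattern (reject everything except named classes) is the stronger configuration.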
