- Serialization is the process of converting complex data structures, such as objects and their fields, into a flat format that can be sent as a sequential stream of bytes
- Serialization makes it possible to:
- Write data to inter-process memory, files, or databases
- Send complex data over a network, between applications, or in APIs
- Deserialization is the process of restoring byte streams to functional replicas of the original object
- Can be known as marshalling (Ruby) or pickling (Python)
- Insecure deserialization occurs when user-controllable data is deserialized by the website
- Because the byte stream describes the objects that get rebuilt, an attacker can manipulate it to pass harmful data (tampered fields, unexpected classes, or calls that run code) into application code
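The following is an added example, not part of the original notes, using Python's pickle module (the "pickling" named above). It constructs a hypothetical `Session` object that a web app serializes into a cookie, then shows the two things the notes describe: tampering with the serialized state (flipping `is_admin`), and passing a stream that names an arbitrary callable (`builtins.exec`) so that code runs during deserialization. The environment-variable marker stands in for a real payload such as `os.system(...)`. It also shows the usual mitigation for the case where pickle cannot be avoided: a restricted unpickler that only resolves the class the application expects.

```python
import builtins
import io
import os
import pickle


class Session:
    """Constructed example of an object a web app might serialize into a cookie."""

    def __init__(self, user, is_admin=False):
        self.user = user
        self.is_admin = is_admin


def serialize(obj):
    """Server side: flatten the object into a byte stream (pickling)."""
    return pickle.dumps(obj)


def deserialize_unsafe(data):
    """Server side, vulnerable: restores whatever the byte stream describes.
    pickle rebuilds objects by importing and calling the callables named in the
    stream, so attacker-controlled bytes decide which code runs."""
    return pickle.loads(data)


def tamper(data):
    """Attacker side: the stream is user-controllable, so edit a field and re-serialize."""
    session = pickle.loads(data)   # attacker decodes their own cookie
    session.is_admin = True        # change the serialized state
    return pickle.dumps(session)


class Payload:
    """Attacker side: __reduce__ tells pickle how to rebuild this object, i.e.
    'call builtins.exec with this source string'. Only the bytes are sent; the
    victim never needs this class, since the stream names builtins.exec directly."""

    def __reduce__(self):
        # Harmless marker standing in for os.system("..."): sets an env var we can check.
        return (builtins.exec, ("import os; os.environ['DESER_DEMO'] = 'pwned'",))


def build_malicious_pickle():
    return pickle.dumps(Payload())


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened side: resolve only the classes the application actually expects.
    Every global reference in the stream goes through find_class, so refusing
    unknown names blocks gadgets such as builtins.exec or os.system."""

    ALLOWED = {(Session.__module__, "Session"): Session}

    def find_class(self, module, name):
        try:
            return self.ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def deserialize_safe(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    cookie = serialize(Session("alice"))

    # 1. Tampering: the app trusts whatever role comes back from the stream.
    escalated = deserialize_unsafe(tamper(cookie)).is_admin

    # 2. Code execution: the stream can name any importable callable.
    os.environ.pop("DESER_DEMO", None)
    deserialize_unsafe(build_malicious_pickle())
    executed = os.environ.get("DESER_DEMO") == "pwned"

    # 3. Restricted unpickler: the legitimate object loads, the gadget is rejected
    #    before anything is called.
    os.environ.pop("DESER_DEMO", None)
    safe_user = deserialize_safe(cookie).user
    try:
        deserialize_safe(build_malicious_pickle())
        blocked = False
    except pickle.UnpicklingError:
        blocked = os.environ.get("DESER_DEMO") is None

    return {"escalated": escalated, "executed": executed,
            "safe_user": safe_user, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

Note that the restricted unpickler only narrows the attack surface; it does not make it safe to accept untrusted pickles in general, because an allowed class can itself have a dangerous `__setstate__` or `__reduce__`. The safer design is to serialize user-facing state in a data-only format such as JSON and sign it, so tampering is detected before anything is parsed.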