Session

New thoughts for dark tales. How Java Serialisation is moving on

Serialization is an important and vital part of Java, but we’ve all heard the dark tales of how it can be misused and subverted. In this talk, we’ll explain the basics of how serialization works, how the inbuilt design is fatally flawed, and how it is exploited and used against us. We’ll cover why we still need serialization and what can be done today to help reduce the risks.

What does the future hold for serialization? This talk will also cover some of the emerging ideas to evolve the Java language and runtime to make serialization woes a thing of the past. Not all fairy tales have happy endings. This one just might.

Steve Poole

Director Developer Advocacy, Sonatype

London, United Kingdom
