| CPC G06F 21/56 (2013.01) | 21 Claims |

1. A computer-implemented method of protecting a software application from a memory deserialization attack, the method including:
decompiling a software application to define a valid linking between classes, between methods, or between at least one class and at least one method of the software application;
receiving a data object at a server hosting the software application;
comparing (i) an aspect of the received data object with (ii) a representation of an expected data object, wherein (a) the aspect of the received data object is a runtime-requested linking between classes, between methods, or between at least one class and at least one method of the software application and (b) the representation of the expected data object is the defined valid linking; and
if the comparing identifies a difference between (i) and (ii), executing a protection action to limit a property of the received data object, thereby protecting the software application from a memory deserialization attack.
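The claimed method, as an added example that is not part of the patent: a Python pickle deserializer whose `find_class` hook compares each runtime-requested (module, class) linking against the set derived from a static pass over the application's code (standing in for the decompilation step), and refuses the object on a mismatch. The `shop` module, its `Order` class, and the `receive` function are constructed for illustration; only class linkings are shown, method linkings go through the same hook.

```python
import ast
import io
import pickle
import sys
import types

# Constructed stand-in for the application's code (the claim decompiles the deployed
# app to get this; here it is embedded so the example runs offline).
APP_MODULE = "shop"
APP_SOURCE = """
class Order:
    def __init__(self, item, qty):
        self.item, self.qty = item, qty
"""

def define_valid_linking(module_name, source):
    # Static pass over the application code: every class a stream may validly link to.
    return {(module_name, n.name) for n in ast.walk(ast.parse(source))
            if isinstance(n, ast.ClassDef)}

def load_application(module_name, source):
    # Make the constructed app importable so (un)pickling resolves shop.Order by name.
    mod = types.ModuleType(module_name)
    exec(source, mod.__dict__)
    sys.modules[module_name] = mod
    return mod

class LinkCheckingUnpickler(pickle.Unpickler):
    # Compares each runtime-requested (module, name) linking with the expected set.
    def __init__(self, data, valid_linking):
        super().__init__(io.BytesIO(data))
        self.valid_linking = valid_linking
        self.blocked = []  # refused linkings, kept for logging/alerting

    def find_class(self, module, name):
        if (module, name) not in self.valid_linking:
            self.blocked.append((module, name))
            # Protection action: the object is never materialised.
            raise pickle.UnpicklingError(f"unexpected linking {module}.{name} refused")
        return super().find_class(module, name)

def receive(data, valid_linking):
    # Server-side receipt of a data object; returns (object or None, refused linkings).
    unp = LinkCheckingUnpickler(data, valid_linking)
    try:
        return unp.load(), unp.blocked
    except pickle.UnpicklingError:
        return None, unp.blocked

VALID = define_valid_linking(APP_MODULE, APP_SOURCE)
shop = load_application(APP_MODULE, APP_SOURCE)
GOOD = pickle.dumps(shop.Order("widget", 2))  # links only to shop.Order
BAD = pickle.dumps(ValueError("x"))           # links to builtins.ValueError, outside the app
```

`receive(GOOD, VALID)` returns the reconstructed order with no refusals, while `receive(BAD, VALID)` returns no object and records the unexpected linking for the operator.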