JSON Security: Injection, Deserialization, Safe Parsing
JSON security: injection attacks, prototype pollution, deserialization vulnerabilities, and safe parsing practices for web applications and APIs.
Tags: json, security, developer-tools
JSON Security: Injection, Deserialization Attacks, and Safe Parsing

JSON is simple enough that developers routinely underestimate its attack surface. The format itself is safe; the vulnerabilities live in the code surrounding JSON processing. String concatenation to build JSON, unchecked polymorphic deserialization in Java, deeply nested payloads, and certain JavaScript merge patterns all have well-documented exploitation paths. According to OWASP Security Research 2024, JSON injection vulnerabilities account for 8-12% of API security breaches.

What is JSON injection? Never build JSON with string concatenation.

Building a JSON string by concatenating user-supplied values is the original JSON vulnerability. If the user controls any part of the string, they can break out of the…
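The break-out described above, as an added example that is not code from the original article: a profile document built by concatenation beside the same document produced by the serializer. The template, the field names and the hostile input are constructed for illustration.

```javascript
// Added example (not from the original article): JSON injection through string
// concatenation, and the safe alternative of letting the serializer escape.

// Vulnerable: splices a user-supplied value straight into a JSON template.
// A value containing an unescaped quote terminates the string early, so the
// caller can append fields the application never intended to write.
function buildProfileUnsafe(username) {
  return '{"role":"viewer","user":"' + username + '"}';
}

// Safe: JSON.stringify escapes quotes, backslashes and control characters,
// so the value can never change the structure of the document.
function buildProfileSafe(username) {
  return JSON.stringify({ role: "viewer", user: username });
}

// Constructed hostile input: closes the "user" string, injects a second
// "role" key, then opens a dummy key so the document still parses.
const HOSTILE_NAME = 'alice","role":"admin","x":"';

// Parses both documents and reports the role each one yields. In the unsafe
// case the injected "role" appears after the legitimate one, and JSON.parse
// keeps the last duplicate key, so the injected value wins.
function demo() {
  const unsafe = JSON.parse(buildProfileUnsafe(HOSTILE_NAME));
  const safe = JSON.parse(buildProfileSafe(HOSTILE_NAME));
  return {
    unsafeRole: unsafe.role,        // "admin": structure was rewritten
    safeRole: safe.role,            // "viewer": structure intact
    safeUser: safe.user,            // round-trips the hostile text verbatim
    unsafeKeyCount: Object.keys(unsafe).length, // extra "x" key appeared
  };
}

console.log(demo());
```

The same defence applies to any server-side language: build the object, then hand it to the library serializer rather than a template string.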