Using Serialization and Deserialization Attacks to Defend Your APIs

As an attacker I like to see that because then I can extract more information quickly. It's not just for denial of service type attacks but abuse being able to modify or manipulate there's things like Wysos serial dot net which is a dot net payload generator for deserialization attacks. If you know how it works you can actually generate payloads that can give you reverse shells from your API simply by knowing how to how to cause a deserialization attack.