# A8 - Insecure Deserialization > Insecure Deserialisation is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialised. This issue is included in the Top 10 based on an industry survey and not on quantifiable data. Some tools can discover deserialization flaws, but human assistance is frequently needed to validate the problem. It is expected that prevalence data for deserialization flaws will increase as tooling is developed to help identify and address it. **Impact** The impact of deserialization flaws cannot be overstated. These flaws can lead to remote code execution attacks, one of the most serious attacks possible. The business impact depends on the protection needs of the application and data. How to Prevent The only safe architectural pattern is not to accept serialized objects from untrusted sources or to use serialization mediums that only permit primitive data types. If that is not possible, consider one of more of the following: * Implementing integrity checks such as digital signatures on any serialized objects to prevent hostile object creation or data tampering. * Enforcing strict type constraints during deserialization before object creation as the code typically expects a definable set of classes. Bypasses to this technique have been demonstrated, so reliance solely on this is not advisable. * Isolating and running code that deserializes in low privilege environments when possible. * Log deserialization exceptions and failures, such as where the incoming type is not the expected type, or the deserialization throws exceptions. * Restricting or monitoring incoming and outgoing network connectivity from containers or servers that deserialize. * Monitoring deserialization, alerting if a user deserializes constantly. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infosecgirls.gitbook.io/infosecgirls-training/appsec/web-application-pentesting/a8-insecure-deserialization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.