8. Insecure Deserialization (OWASP Top 10)
Insecure Deserialization
* Applications and APIs will be vulnerable if they deserialize hostile or tampered objects supplied by an attacker. This can result in two primary types of attacks:
* Object and data structure related attacks, where the attacker modifies application logic or achieves arbitrary remote code execution if there are classes available to the application that can change behavior during or after deserialization.
* Typical data tampering attacks, such as access-control-related attacks, where existing data structures are used but the content is changed.
* Example scenario:
A React application calls a set of Spring Boot microservices. Being functional programmers, they tried to ensure that their code is immutable. The solution they came up with is serializing user state and passing it back and forth with each request. An attacker notices the "rO0" Java object signature and gains remote code execution on the application server.
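The round-tripped user state from the scenario above, first read the unsafe way and then hardened with a JEP 290 ObjectInputFilter allowlist. This is an added example, not code from the original post or from any real application; the UserState class, the field names and the base64 transport of the blob are assumptions.

```java
// Added example: unsafe vs. filtered deserialization of a client-supplied state blob (Java 9+).
import java.io.*;
import java.util.Base64;

public class UserStateCodec {

    // Assumed application class carried in the state blob that travels with each request.
    public static final class UserState implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String username;
        public final boolean admin;
        public UserState(String username, boolean admin) { this.username = username; this.admin = admin; }
    }

    public static String encode(UserState s) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(s); }
        // Base64 of the 0xAC 0xED 0x00 0x05 stream header yields the "rO0AB" prefix the text mentions.
        return Base64.getEncoder().encodeToString(bos.toByteArray());
    }

    // UNSAFE: deserializes whatever the client sent; any gadget class on the classpath is reachable.
    public static UserState decodeUnsafe(String blob) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(Base64.getDecoder().decode(blob)))) {
            return (UserState) in.readObject();
        }
    }

    // Allowlist filter: first matching pattern wins, "!*" rejects every class not listed,
    // and the limits bound depth, reference count and stream size.
    private static final ObjectInputFilter STATE_FILTER = ObjectInputFilter.Config.createFilter(
            UserState.class.getName() + ";java.lang.String;!*;maxdepth=3;maxrefs=16;maxbytes=2048");

    // HARDENED: unlisted classes are rejected (InvalidClassException) before any of their code runs.
    public static UserState decodeFiltered(String blob) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(Base64.getDecoder().decode(blob)))) {
            in.setObjectInputFilter(STATE_FILTER);
            return (UserState) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        String blob = encode(new UserState("alice", false));
        System.out.println(blob.startsWith("rO0AB") + " " + decodeFiltered(blob).username);
    }
}
```

Even with the filter in place, the better fix for this scenario is to keep user state server-side (or sign it and use a data-only format such as JSON) so that no Java object stream is ever accepted from the client.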