PayPal has addressed a serious remote code execution vulnerability caused by a Java deserialization bug disclosed last year, and shared some recommendations for security practitioners based on the lessons learned in the process of dealing with the issue.
Deserialization of Untrusted Data
Original author: Eduard Kovacs