Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by providing filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page, as shown in the following figure.
Deserialization Blacklist landing page
For more information, see Configuring the deserialization filter.