Serialization changes the format of an object in code to make sending it to a server more efficient. The server then deserializes the object upon receipt so it can process the request. Insecure deserialization of objects allows attackers to make calls to system resources upon deserialization. This vulnerability leads to remote code execution along with replay attacks, injection attacks, and privilege escalation attacks. Look for: