Insecure-Deserialization

Insecure Deserialization is a critical bug that is based on the application's behavior with the object.

You can find here:

- The Lab (the challenge, written in PHP)
- The presentation that was presented at the OWASP Amman Chapter 2nd meetup (in PDF format)