Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?
- Deserialization of trusted data must cross a trust boundary
- Understand the security permissions given to serialization and deserialization
- Allow serialization for security-sensitive classes
- Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes