Once, long ago, we looked upon serialisation as an important part of Java. As the years passed, we began to recognise the flaws in its design and sighed. Today we realise that the story of serialisation has become a dark and twisted tale. In this session, see why we still need serialisation, how the inbuilt design is fatally flawed, and how it is being exploited and used against us. Learn how to work against the dark arts arrayed against us and understand how even the alternative forms of Java serialisation can still be open to attack. Does this tale have a happy ending? Can goodness prevail and can you make your application safe from Java serialisation weaknesses? Only you can decide.