US Patent 11017094 System and method for java deserialization vulnerability detection

A method for generating a deserialization vulnerability report of a Java project, includes: determining, by a computing device, if interior knowledge of the Java project is available, and when the interior knowledge of the Java project isn't available, performing a black box analysis to generate the deserialization vulnerability report; and when the interior knowledge of the Java project is available, determining by the computing device if source code of the Java project is accessible, when the source code of the Java project is accessible, performing a white box analysis to generate the deserialization vulnerability report, and when the source code of the Java project isn't accessible, performing a gray box analysis to generate the deserialization vulnerability report.