[2] Oracle, Java Serialization,https://docs.oracle.com/javase/tutorial/jndi/objects/serial.html [3] IBM, Look-ahead Java deserialization,http://www.ibm.com/developerworks/library/se-lookahead [4] OWASP, Deserialization of untrusted data,https://www.owasp.org/index.php/Deserialization_of_untrus...