OWASP provides a Deserialization Cheat Sheet that offers guidance on how to safely deserialize untrusted data.
You can use Ocular to search for references to the relevant methods:
The OWASP guide also suggests hardening classes derived from Serializable. Ocular can help you identify classes that inherit directly from
To get a list of classes that inherit from Serializable (either directly or
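Once the queries above have produced the list of Serializable classes, the next step is the hardening the OWASP cheat sheet recommends. The following is an added example in Java; it is not code from this page or from the Ocular project. The class names (SessionToken, OtherPayload, HardenedToken) and the field values are constructed, and it assumes Java 9 or later because it relies on ObjectInputFilter (JEP 290). It shows the two controls the cheat sheet describes: a readObject that refuses to reconstitute a class that must remain Serializable, and a stream-level allow-list filter that rejects every other class before its readObject or readResolve can run.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationHardening {

    // Constructed sample: an ordinary Serializable class of the kind the
    // Ocular queries would list.
    static class SessionToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        SessionToken(String user) { this.user = user; }
    }

    // Constructed sample standing in for any other Serializable class on the
    // classpath; gadget-chain entry points are Serializable classes too.
    static class OtherPayload implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // OWASP hardening for a class that must stay Serializable (for example to
    // honour an interface) but must never be rebuilt from untrusted bytes: a
    // readObject that throws unconditionally. The JVM invokes it before any
    // field is populated, so the object graph is never materialised.
    static class HardenedToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        HardenedToken(String user) { this.user = user; }

        private void readObject(ObjectInputStream in) throws IOException {
            throw new InvalidObjectException("HardenedToken must not be deserialized");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Stream-level hardening (Java 9+, JEP 290): an allow-list filter that the
    // stream consults for every class it resolves, before that class's
    // readObject/readResolve can run. Only `allowed` passes; calls with a null
    // serialClass (array-length and depth checks) are left undecided.
    static Object deserializeAllowListed(byte[] data, Class<?> allowed)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = info -> {
            if (info.serialClass() == null) {
                return ObjectInputFilter.Status.UNDECIDED;
            }
            return info.serialClass() == allowed
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. The allow-listed class round-trips normally.
        SessionToken token = (SessionToken) deserializeAllowListed(
                serialize(new SessionToken("alice")), SessionToken.class);
        System.out.println("allowed: " + token.user);

        // 2. Any other class is rejected by the filter (InvalidClassException,
        //    "filter status: REJECTED") before it is instantiated.
        try {
            deserializeAllowListed(serialize(new OtherPayload()), SessionToken.class);
        } catch (InvalidClassException e) {
            System.out.println("filter rejected OtherPayload: " + e.getMessage());
        }

        // 3. The hardened class refuses even when the filter would allow it.
        try {
            deserializeAllowListed(serialize(new HardenedToken("bob")), HardenedToken.class);
        } catch (InvalidObjectException e) {
            System.out.println("HardenedToken refused: " + e.getMessage());
        }
    }
}
```

The two controls are complementary: the filter protects the stream regardless of which classes are on the classpath, while the throwing readObject protects a specific class regardless of which stream reads it. In a real application the allow-list would usually be a pattern string passed to ObjectInputFilter.Config.createFilter, or the JVM-wide jdk.serialFilter property, rather than a single Class comparison.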
Fixes for deserialization issues are specific to library versions, so in this context you may also want to check which version of a library is in use. For example, to determine the version of the "XStream" library in use, run: