Highly secure serialization
for the JVM and Android
MicroStream eliminates the biggest security flaw of Java: deserialization attacks.
It provides highly secure data transfer and closes the deserialization attack vector in your software applications.
Build highly secure software applications with Java that protect your data and earn valuable trust.
MicroStream is open source. Latest version 7.
Standard Java serialization is a serious security risk
Java serialization is used to transfer data between Java apps and services over the network. It is used by almost every library, framework, and business application written in Java. However, Java serialization has serious vulnerabilities that are regularly exploited to attack and harm Java users.

Security flaws
Not only data but also class information is transferred
Any Serializable class on the classpath can be instantiated during deserialization, and its readObject/readResolve hooks run automatically, whether or not the application expects that type
Crafting and injecting a malicious payload is scarily easy
Simple class blacklists and whitelists are insufficient
Most dependencies use serialization
Limitations
Classes to serialize must implement the interface java.io.Serializable
Objects from 3rd-party APIs that don't implement Serializable can't be serialized
Serialization hooks work through JVM 'magic' (private methods found by reflection), not through an API contract
Depth of an object graph is limited (recursive traversal can overflow the stack)
Schema evolution is not supported
Java serialization is slow
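To make the flaw concrete, here is an added example (not code from the MicroStream project): a class whose private readObject hook has a visible side effect is written with ObjectOutputStream and read back with ObjectInputStream. The hook runs before the application gets the object. The class HookedPayload and its side effect are constructed for this demo; a real attack chains hooks in classes that are already on the classpath. The second part applies a JDK deserialization filter (java.io.ObjectInputFilter, Java 9+), which rejects unexpected classes before any of their code runs but depends entirely on the allow list being complete, which is the weakness the list above points at.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added example: shows that ObjectInputStream runs class-defined hooks
// before the application ever sees the deserialized object.
public class DeserializationRunsCode {

    // Constructed demo class. Any Serializable class on the classpath with
    // such a hook is a candidate; the application never has to reference it.
    static class HookedPayload implements Serializable {
        private static final long serialVersionUID = 1L;
        String note = "looks harmless";

        // Called by the JVM during deserialization, not by the application.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("readObject hook executed for: " + note);
            // Anything placed here (process execution, file writes, ...) runs as well.
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for bytes received from the network.
        byte[] untrusted = serialize(new HookedPayload());

        // 1. Unfiltered: the hook runs as soon as the stream is read.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            Object o = in.readObject(); // prints "readObject hook executed ..." first
            System.out.println("application received: " + o.getClass().getName());
        }

        // 2. With a deserialization filter (JEP 290): only java.lang.String is
        //    allowed, everything else ("!*") is rejected before instantiation.
        //    This narrows the attack surface but is only as good as the allow list.
        ObjectInputFilter allowOnlyStrings = ObjectInputFilter.Config.createFilter("java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(allowOnlyStrings);
            in.readObject();
            System.out.println("unexpected: payload was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

Run it and the first line printed is the hook's message, before "application received"; the filtered read ends in the catch block instead. The filter only helps for classes you can name in advance; every gadget already on the classpath that the allow list forgets remains reachable.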

"Serialization was a horrible mistake.
Half of all Java vulnerabilities are linked to serialization."
Mark Reinhold, Chief Architect of the Java Platform, Oracle
Learn from experts how scarily easy it is to abuse serialization to hack your applications...
Other encodings
"Switching to another encoding doesn't solve the main problem of serialization, which is: how we can safely extract and reconstruct the state of objects to be serialized."
Brian Goetz, Architect of the Java Language, Oracle
Bytecode-based
Based on Java serialization, and thus inherit its mistakes, security flaws, and limitations
Depth of an object graph is limited
Schema evolution is not covered
Human-readable (JSON, XML, ...)
Circular references are not possible
Not suited for complex object graphs
Object identity is lost: shared references are written as separate copies
Overhead grows rapidly with the complexity of the object graph
Data must be parsed twice (text parsing, then object mapping)
Eliminate deserialization attacks and make your Java applications highly secure ...

Highly secure serialization platform

Highly secure
Strict separation of data and code
Neither code nor class information is transferred
No application code is executed during deserialization: no constructors, readObject hooks or other callbacks
Objects are instantiated and populated by the framework
Injecting malicious code has no effect, because nothing in the data can be executed; what arrives is plain field values, which your application validates like any other input
Biggest security flaw of Java is eliminated
No Limitations
Implementing the interface java.io.Serializable is not required at all
Serialize any object
Any object from 3rd party APIs can be serialized
Built for any complex object graph; circular references are trouble-free
Depth of an object graph is not limited, no stack-based recursion
No requirements to your classes, no interfaces, superclasses or annotations required

import one.microstream.persistence.binary.util.Serializer;

// create a serializer which reads and writes byte arrays
Serializer<byte[]> serializer = Serializer.Bytes();
// serialize a company object graph into a byte array
byte[] data = serializer.serialize(company);
// deserialize the byte array back to a Company instance
Company restored = serializer.deserialize(data);
Serialize any object
MicroStream lets you serialize any object. There are no specific superclasses, interfaces or annotations at all. Even serializing objects from third-party APIs is trouble-free.
Implementing Serializable is not required
No superclasses, interfaces, annotations
Inheritance is trouble-free
Custom-tailored type handling

public class Customer {
private String firstname;
private String lastname;
private String email;
private LocalDate dateOfBirth;
private Boolean active;
private Set<Order> orders;
...
}

Built for complex object graphs
The strength of MicroStream is that you can serialize any object graph of any size and complexity. The more complex your object graph is, the faster MicroStream is in comparison to other encodings.
Any circular reference
Depth of an object graph is not limited
No stack-based recursion
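The two sections above (plain classes without Serializable, and graphs with circular references) can be shown together. This is an added example, not code from the MicroStream project: Customer and Order are constructed demo classes with final fields, no interfaces and no default constructors, and Order holds a back-reference to its Customer, so the graph is cyclic. It uses only the Serializer.Bytes(), serialize and deserialize calls shown on this page. The validate method is the check a practitioner adds: since the framework assigns field values without running any constructor or hook, it cannot enforce your invariants, so restored data is treated as input.

```java
import java.util.ArrayList;
import java.util.List;

import one.microstream.persistence.binary.util.Serializer;

// Added example (not from MicroStream): round-trip a cyclic graph of plain
// classes through Serializer.Bytes() and verify that identity is preserved.
public class CyclicGraphRoundTrip {

    // Plain classes, constructed for this demo: no Serializable, no
    // annotations, no default constructors, final fields.
    static final class Customer {
        final String name;
        final List<Order> orders = new ArrayList<>();
        Customer(String name) { this.name = name; }
    }

    static final class Order {
        final Customer customer;   // back-reference: Customer -> Order -> Customer
        final long amountCents;
        Order(Customer customer, long amountCents) {
            this.customer = customer;
            this.amountCents = amountCents;
        }
    }

    static Customer sampleCustomer() {
        Customer c = new Customer("Ada Lovelace");
        c.orders.add(new Order(c, 1999));
        c.orders.add(new Order(c, 45000));
        return c;
    }

    // The serializer populates fields without running our code, so it cannot
    // enforce invariants for us. Validate restored data like any other input.
    static void validate(Customer c) {
        if (c.name == null || c.name.isBlank()) {
            throw new IllegalArgumentException("customer name missing");
        }
        for (Order o : c.orders) {
            if (o.customer != c) {
                throw new IllegalArgumentException("order does not belong to this customer");
            }
            if (o.amountCents < 0) {
                throw new IllegalArgumentException("negative order amount");
            }
        }
    }

    public static void main(String[] args) {
        Customer original = sampleCustomer();

        Serializer<byte[]> serializer = Serializer.Bytes();
        byte[] data = serializer.serialize(original);
        Customer restored = serializer.deserialize(data);

        validate(restored);

        // Shared references come back as shared references: every restored order
        // points to the single restored Customer instance, not to a copy of it.
        boolean cycleIntact = restored != original
            && restored.orders.size() == 2
            && restored.orders.stream().allMatch(o -> o.customer == restored);
        System.out.println("restored " + restored.name + ", cycle intact: " + cycleIntact);
    }
}
```

Here the same Serializer instance writes and reads, so it already knows the types involved. When the reader is a separate process it has to know the same types; MicroStream's SerializerFoundation is the place to register them up front (the exact registration call is not shown on this page, so check the MicroStream documentation rather than assuming it from this example).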

Optimized byte format
MicroStream uses a highly optimized byte format. This enables circular references, unlimited size, complexity, and depth of your object graphs, and minimizes overhead.
Converter
The MicroStream byte format can be converted into CSV and other encoding formats.
Long-term support warranty
The MicroStream byte format is supported for 10 years guaranteed.

Versioning
Classes evolve over time. Therefore, MicroStream provides a legacy type mapping that lets you manage different versions of your classes.
New, changed and removed fields
Primitive types
Any objects
Renamed and deleted classes
Native image compatible
MicroStream serialization runs trouble-free and without any adaptation effort on GraalVM native images.

Use any JVM Technology
MicroStream is a small Java library that can be used with all JVM languages.

Enterprise-grade open source
MicroStream serializer: Open Source
Secure your open-source code, provide high security and build valuable trust.
Driven by our fast-growing community
Transparent development of new features, concepts and innovations
Community support on GitHub & StackOverflow
MicroStream serializer: Enterprise
Recommended for enterprises using MicroStream for business-critical applications or products:
Timely adjustments to the latest Java versions
Converter: convert the MicroStream format into another encoding format
Enterprise-grade security updates: timely security updates to eliminate vulnerabilities
Long-term warranty: MicroStream format support for 10 years guaranteed
Enterprise-grade support