Update DotNet_Security_Cheat_Sheet.md
jmanico authored Mar 6, 2024
1 parent 649ac55 commit 55298a0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions cheatsheets/DotNet_Security_Cheat_Sheet.md
Expand Up @@ -796,6 +796,7 @@ objects received from the network

DO NOT: Use the BinaryFormatter type which is dangerous and [not recommended](https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide) for data processing.
.NET offers several in-box serializers that can handle untrusted data safely:

- XmlSerializer and DataContractSerializer to serialize object graphs into and from XML. Do not confuse DataContractSerializer with NetDataContractSerializer.
- BinaryReader and BinaryWriter for XML and JSON.
- The System.Text.Json APIs to serialize object graphs into JSON.
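
Review bot: The "DO NOT: Use the BinaryFormatter type ..." sentence and the ".NET offers several in-box serializers ..." sentence sit on consecutive lines with no blank line between them, so Markdown renders the prohibition and the introduction to the alternatives as a single paragraph. A blank line between the two would keep the DO NOT rule visually separate from the recommended serializers. The list item "BinaryReader and BinaryWriter for XML and JSON" would also benefit from rewording, since it does not say how those two types relate to XML or JSON data.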

0 comments on commit 55298a0
