From 55298a0d1853ea1a592f0f0025a555ffbadfed6b Mon Sep 17 00:00:00 2001 From: Jim Manico Date: Wed, 6 Mar 2024 14:42:34 +0100 Subject: [PATCH] Update DotNet_Security_Cheat_Sheet.md --- cheatsheets/DotNet_Security_Cheat_Sheet.md | 1 + 1 file changed, 1 insertion(+) diff --git a/cheatsheets/DotNet_Security_Cheat_Sheet.md b/cheatsheets/DotNet_Security_Cheat_Sheet.md index b68bff7517..0216d6e0b6 100644 --- a/cheatsheets/DotNet_Security_Cheat_Sheet.md +++ b/cheatsheets/DotNet_Security_Cheat_Sheet.md @@ -796,6 +796,7 @@ objects received from the network DO NOT: Use the BinaryFormatter type which is dangerous and [not recommended](https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide) for data processing. .NET offers several in-box serializers that can handle untrusted data safely: + - XmlSerializer and DataContractSerializer to serialize object graphs into and from XML. Do not confuse DataContractSerializer with NetDataContractSerializer. - BinaryReader and BinaryWriter for XML and JSON. - The System.Text.Json APIs to serialize object graphs into JSON.
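Review bot: The blank line inserted between ".NET offers several in-box serializers that can handle untrusted data safely:" and the first "- XmlSerializer ..." bullet is the right fix; without it the markdown list is not separated from the preceding paragraph and renders inconsistently across markdown engines (the same rule markdownlint enforces as MD032). While this hunk is touching that list, the unchanged context line "- BinaryReader and BinaryWriter for XML and JSON." is inaccurate and worth correcting in the same change: BinaryReader and BinaryWriter read and write primitive values in a raw binary format and are not XML or JSON serializers. Suggest either rewording it to "- BinaryReader and BinaryWriter for reading and writing primitive types in binary form." or dropping the bullet, since XML and JSON are already covered by the XmlSerializer/DataContractSerializer and System.Text.Json bullets around it.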