Commit

Update cheatsheets/DotNet_Security_Cheat_Sheet.md
Co-authored-by: Shlomo Zalman Heigh <shlomozalmanheigh@gmail.com>
jmanico and szh authored Mar 6, 2024
1 parent edc23fc commit 649ac55
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cheatsheets/DotNet_Security_Cheat_Sheet.md
Expand Up @@ -795,7 +795,7 @@ DO: Perform integrity checks or validate digital signatures on serialized
objects received from the network

DO NOT: Use the BinaryFormatter type which is dangerous and [not recommended](https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide) for data processing.
NET offers several in-box serializers that can handle untrusted data safely:
.NET offers several in-box serializers that can handle untrusted data safely:
- XmlSerializer and DataContractSerializer to serialize object graphs into and from XML. Do not confuse DataContractSerializer with NetDataContractSerializer.
- BinaryReader and BinaryWriter for XML and JSON.
- The System.Text.Json APIs to serialize object graphs into JSON.
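Review bot: The corrected ".NET offers several in-box serializers" sentence still sits directly under the "DO NOT: Use the BinaryFormatter type" line with no blank line between them, so Markdown will render it as the tail of the DO NOT paragraph, and the recommended serializers read as part of the prohibition. Put a blank line before the ".NET offers" sentence and another before the first list item so the safe alternatives stand as their own paragraph and list. While touching this spot, the context item "BinaryReader and BinaryWriter for XML and JSON" is hard to act on as worded; a short clause saying what those two types are meant to read and write here would help a reader choose between the three options.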