
Update cheatsheets/DotNet_Security_Cheat_Sheet.md
Co-authored-by: Shlomo Zalman Heigh <shlomozalmanheigh@gmail.com>
jmanico and szh authored Mar 6, 2024
1 parent a2a6e04 commit edc23fc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cheatsheets/DotNet_Security_Cheat_Sheet.md
@@ -794,7 +794,7 @@ DO NOT: Send unsigned or unencrypted serialized objects over the network
DO: Perform integrity checks or validate digital signatures on serialized
objects received from the network

DO NOT: Use the BinaryFormatter type which is dangerous and not recommended for data processing.
DO NOT: Use the BinaryFormatter type which is dangerous and [not recommended](https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide) for data processing.
NET offers several in-box serializers that can handle untrusted data safely:
- XmlSerializer and DataContractSerializer to serialize object graphs into and from XML. Do not confuse DataContractSerializer with NetDataContractSerializer.
- BinaryReader and BinaryWriter for XML and JSON.
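Review bot: the unchanged context line `- BinaryReader and BinaryWriter for XML and JSON.` in this hunk is factually wrong and should be corrected while this block is being touched: BinaryReader and BinaryWriter read and write primitive values (integers, strings, byte arrays) in a compact binary layout and are not XML or JSON serializers, so presenting them as the XML/JSON option alongside the XmlSerializer/DataContractSerializer bullet is misleading to readers choosing a BinaryFormatter replacement. Suggest rewording it to something like `- BinaryReader and BinaryWriter for primitive values in a simple binary format.` or dropping the XML/JSON qualifier. Minor: `NET offers several in-box serializers` is missing its leading dot (`.NET offers`). The added link to the BinaryFormatter security guide itself is fine.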
