Improving Web Application Security: Threats and Countermeasures

Check

Description

MarshalByRefObject objects from clients are not accepted without validating the source of the object.

The risk of serialization attacks is mitigated by setting the typeFilterLevel attribute programmatically or in the application's Web.config file.

All field items that are retrieved from serialized data streams are validated as they are created on the server side.
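
An added example, not part of the original checklist: a small Python audit that parses a Web.config and reports how typeFilterLevel is set on each server-side formatter sink, so the second check can be verified mechanically. The two configuration strings are constructed samples, and the function name audit_type_filter_level is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the original page).
WEAK_CONFIG = """<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="http">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Full" />
            <formatter ref="soap" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>"""

# Same constructed sample with every server formatter set explicitly to Low.
HARDENED_CONFIG = (
    WEAK_CONFIG
    .replace('typeFilterLevel="Full"', 'typeFilterLevel="Low"')
    .replace('<formatter ref="soap" />',
             '<formatter ref="soap" typeFilterLevel="Low" />')
)

def audit_type_filter_level(config_xml):
    """Return (formatter ref, status) for every server-side formatter sink."""
    root = ET.fromstring(config_xml)
    findings = []
    for providers in root.iter("serverProviders"):
        for fmt in providers.findall("formatter"):
            ref = fmt.get("ref") or fmt.get("type") or "?"
            level = fmt.get("typeFilterLevel")
            if level is None:
                status = "unset"   # the checklist asks for an explicit setting
            elif level.lower() == "low":
                status = "ok"      # restricted deserialization
            else:
                status = "weak"    # Full, or any unrecognized value
            findings.append((ref, status))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_type_filter_level(cfg))
```
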
