[1] Microsoft BinaryFormatter serialization methods are obsolete and prohibited in ASP.NET apps
[2] Microsoft Deserialization risks in use of BinaryFormatter and related types
[3] Standards Mapping - Common Weakness Enumeration
CWE ID 470, CWE ID 494[4] Standards Mapping - Common Weakness Enumeration Top 25 2024
[12] CWE ID 020[5] Standards Mapping - DISA Control Correlation Identifier Version 2
CCI-001764, CCI-001774, CCI-002754[6] Standards Mapping - FIPS200
SI[7] Standards Mapping - General Data Protection Regulation (GDPR)
Indirect Access to Sensitive Data[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012
Rule 1.3[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023
Directive 4.14, Rule 1.3[10] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008
Rule 0-3-1[11] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023
Rule 4.1.3[12] Standards Mapping - NIST Special Publication 800-53 Revision 4
CM-7 Least Functionality (P1), SI-10 Information Input Validation (P1)[13] Standards Mapping - NIST Special Publication 800-53 Revision 5
CM-7 Least Functionality, SI-10 Information Input Validation[14] Standards Mapping - OWASP Application Security Verification Standard 4.0
1.14.2 Configuration Architectural Requirements (L2 L3), 10.3.2 Deployed Application Integrity Controls (L1 L2 L3), 12.3.3 File Execution Requirements (L1 L2 L3), 14.2.3 Dependency (L1 L2 L3)[15] Standards Mapping - OWASP Mobile 2014
M7 Client Side Injection[16] Standards Mapping - OWASP Mobile 2024
M4 Insufficient Input/Output Validation[17] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0
MASVS-CODE-4[18] Standards Mapping - OWASP Top 10 2004
A1 Unvalidated Input[19] Standards Mapping - OWASP Top 10 2007
A4 Insecure Direct Object Reference[20] Standards Mapping - OWASP Top 10 2010
A4 Insecure Direct Object References[21] Standards Mapping - OWASP Top 10 2013
A4 Insecure Direct Object References[22] Standards Mapping - OWASP Top 10 2017
A5 Broken Access Control[23] Standards Mapping - OWASP Top 10 2021
A03 Injection[24] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1
Requirement 6.5.1[25] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2
Requirement 6.3.1.1, Requirement 6.5.4[26] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0
Requirement 6.5.8[27] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0
Requirement 6.5.8[28] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1
Requirement 6.5.8[29] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2
Requirement 6.5.8[30] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1
Requirement 6.5.8[31] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0
Requirement 6.2.4[32] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1
Requirement 6.2.4[33] Standards Mapping - Payment Card Industry Software Security Framework 1.0
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control[34] Standards Mapping - Payment Card Industry Software Security Framework 1.1
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation[35] Standards Mapping - Payment Card Industry Software Security Framework 1.2
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.2.3 - Web Software Access Controls, Control Objective C.3.2 - Web Software Attack Mitigation, Control Objective C.3.5 - Web Software Attack Mitigation[36] Standards Mapping - Security Technical Implementation Guide Version 3.1
APP3510 CAT I, APP3570 CAT I[37] Standards Mapping - Security Technical Implementation Guide Version 3.4
APP3510 CAT I, APP3570 CAT I[38] Standards Mapping - Security Technical Implementation Guide Version 3.5
APP3510 CAT I, APP3570 CAT I[39] Standards Mapping - Security Technical Implementation Guide Version 3.6
APP3510 CAT I, APP3570 CAT I[40] Standards Mapping - Security Technical Implementation Guide Version 3.7
APP3510 CAT I, APP3570 CAT I[41] Standards Mapping - Security Technical Implementation Guide Version 3.9
APP3510 CAT I, APP3570 CAT I[42] Standards Mapping - Security Technical Implementation Guide Version 3.10
APP3510 CAT I, APP3570 CAT I[43] Standards Mapping - Security Technical Implementation Guide Version 4.2
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[44] Standards Mapping - Security Technical Implementation Guide Version 4.3
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[45] Standards Mapping - Security Technical Implementation Guide Version 4.4
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[46] Standards Mapping - Security Technical Implementation Guide Version 4.5
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[47] Standards Mapping - Security Technical Implementation Guide Version 4.6
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[48] Standards Mapping - Security Technical Implementation Guide Version 4.7
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[49] Standards Mapping - Security Technical Implementation Guide Version 4.8
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[50] Standards Mapping - Security Technical Implementation Guide Version 4.9
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[51] Standards Mapping - Security Technical Implementation Guide Version 4.10
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[52] Standards Mapping - Security Technical Implementation Guide Version 4.11
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[53] Standards Mapping - Security Technical Implementation Guide Version 4.1
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[54] Standards Mapping - Security Technical Implementation Guide Version 5.1
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[55] Standards Mapping - Security Technical Implementation Guide Version 5.2
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002560 CAT I[56] Standards Mapping - Security Technical Implementation Guide Version 5.3
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002530 CAT II, APSC-DV-002560 CAT I[57] Standards Mapping - Security Technical Implementation Guide Version 6.1
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002530 CAT II, APSC-DV-002560 CAT I[58] Standards Mapping - Security Technical Implementation Guide Version 6.2
APSC-DV-001480 CAT II, APSC-DV-001490 CAT II, APSC-DV-002530 CAT II, APSC-DV-002560 CAT I[59] Standards Mapping - Web Application Security Consortium Version 2.00
Improper Input Handling (WASC-20)