V5.5 — Deserialization Prevention
Deserialization Prevention: 4 L3 requirement(s).

- V5.5.1: Verify that serialized objects use integrity checks or are encrypted to prevent hostile object creation or data tamperin...
- V5.5.2: Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and ...
- V5.5.3: Verify that deserialization of untrusted data is avoided or is protected in both custom code and third-party libraries (...
- ... and 1 more.

| Property | Value |
|---|---|
| Section | V5.5 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-HARD-02 | Input Validation and Injection Prevention |

Source: OWASP Application Security Verification Standard 4.0.3