ASVS Requirement 1.5.2
- Level: 2
- Chapter: V1 Encoding and Sanitization
- Section: V1.5 Safe Deserialization
- Source: 0x10-V1-Encoding-and-Sanitization.md
Description
Verify that deserialization of untrusted data enforces safe input handling, such as using an allowlist of object types or restricting client-defined object types, to prevent deserialization attacks. Deserialization mechanisms that are explicitly defined as insecure must not be used with untrusted input.
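The two controls named above, an allowlist of deserializable types and a format in which the client cannot name types at all, side by side with the insecure mechanism the requirement forbids. This is an added example written for this page; it is not ASVS code and ASVS prescribes no particular library. It uses Python's `pickle` as the "explicitly insecure" mechanism (its own documentation says it is not safe against malicious data); `Order`, the constructed pickles and the JSON shape are assumptions made for the demonstration.

```python
import io
import json
import pickle
from dataclasses import dataclass


@dataclass
class Order:
    """The only application type this endpoint is ever meant to receive."""
    item: str
    quantity: int


# Constructed attacker input, protocol-0 pickle opcodes spelled out:
#   c  GLOBAL  posixpath.basename   (attacker picks any importable callable)
#   (  MARK, S STRING '/etc/passwd', t TUPLE -> the argument tuple
#   R  REDUCE -> calls posixpath.basename('/etc/passwd') during load
#   .  STOP
# A real payload names os.system or subprocess.Popen here; basename is
# used so the example runs anywhere without side effects.
MALICIOUS_PICKLE = b"cposixpath\nbasename\n(S'/etc/passwd'\ntR."

# Constructed benign input: a pickle of the one type we expect.
BENIGN_PICKLE = pickle.dumps(Order(item="widget", quantity=3))

# Allowlist of (module, qualified name) pairs the unpickler may resolve.
# Only globals appear here: primitive containers (dict, list, str, ...)
# are rebuilt from opcodes and never go through find_class.
ALLOWED_GLOBALS = {(Order.__module__, "Order")}


class RestrictedUnpickler(pickle.Unpickler):
    """pickle.Unpickler whose GLOBAL/STACK_GLOBAL lookups are allowlisted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Refuse everything else: this is the call an attacker's REDUCE
        # needs in order to reach os.system, eval, subprocess, etc.
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def unsafe_loads(data: bytes):
    """The forbidden pattern: pickle.loads on untrusted bytes runs attacker code."""
    return pickle.loads(data)


def safe_loads(data: bytes):
    """Control 1: deserialize with an allowlist of object types."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def order_from_json(text: str) -> Order:
    """Control 2: a data-only format plus explicit shape and type checks.

    JSON carries no type tags, so the client cannot name a class at all;
    the application alone decides which type the data becomes.
    """
    raw = json.loads(text)
    if not isinstance(raw, dict) or set(raw) != {"item", "quantity"}:
        raise ValueError("unexpected document shape")
    item, quantity = raw["item"], raw["quantity"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(item, str) or isinstance(quantity, bool) or not isinstance(quantity, int):
        raise ValueError("unexpected field types")
    return Order(item=item, quantity=quantity)


def rejects(loader, data) -> bool:
    """True if loader refuses data, the outcome 1.5.2 requires for bad input."""
    try:
        loader(data)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False


if __name__ == "__main__":
    # pickle.loads executed attacker-chosen code and returned its result.
    print("unsafe:", unsafe_loads(MALICIOUS_PICKLE))   # prints: unsafe: passwd
    print("allowlisted, malicious rejected:", rejects(safe_loads, MALICIOUS_PICKLE))
    print("allowlisted, benign accepted:", safe_loads(BENIGN_PICKLE))
    print("json:", order_from_json('{"item": "widget", "quantity": 3}'))
    print("json, type confusion rejected:",
          rejects(order_from_json, '{"item": "widget", "quantity": "3"}'))
```

When reviewing against this requirement, treat the allowlist as the weaker of the two options: it must name every type legitimately present in the stream and every global those types pull in, and a gap in the list is a remote code execution primitive. Where the design allows it, verify that untrusted input arrives in a data-only format and is mapped onto application types by code like `order_from_json`, so that no client-supplied type name is ever resolved.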