C#/.NET Security
.NET
.NET applications have unique vulnerability patterns including LINQ injection, ViewState attacks, and BinaryFormatter deserialization.
SQL Injection in .NET
csharp
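// VULNERABLE - String concatenation: userId becomes part of the SQL text, so an
// attacker-controlled value can change the statement's structure, not just its data
string query = "SELECT * FROM Users WHERE Id = " + userId;
SqlCommand cmd = new SqlCommand(query, connection);
// SECURE - Parameterized query: the value is sent to the server as a parameter,
// never as SQL text, whatever characters it contains
string safeQuery = "SELECT * FROM Users WHERE Id = @Id";
SqlCommand safeCmd = new SqlCommand(safeQuery, connection);
// Prefer an explicitly typed parameter over AddWithValue: AddWithValue infers the
// SqlDbType from the .NET value, and a mismatch (e.g. NVARCHAR vs INT) can force
// implicit conversions on the server. Assumes Users.Id is INT - adjust to the schema.
safeCmd.Parameters.Add("@Id", SqlDbType.Int).Value = userId;
// Entity Framework - Usually safe: the LINQ expression is translated to parameterized SQL
var user = context.Users.Where(u => u.Id == userId).FirstOrDefault();
// VULNERABLE - Raw SQL in EF: the $"" string is interpolated by C# *before* FromSqlRaw
// sees it, so name is pasted into the SQL text exactly like the concatenation above
var users = context.Users.FromSqlRaw($"SELECT * FROM Users WHERE Name = '{name}'");
// SECURE - Interpolated variant: FromSqlInterpolated receives a FormattableString and
// binds each {..} hole as a DbParameter (C# does not flatten the string here)
var usersByName = context.Users.FromSqlInterpolated($"SELECT * FROM Users WHERE Name = {name}");
// SECURE - Parameterized raw SQL: with FromSqlRaw, {0}-style placeholders are bound as
// DbParameters rather than substituted into the text; only the SQL skeleton must be trusted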
var users = context.Users.FromSqlRaw("SELECT * FROM Users WHERE Name = {0}", name);

.NET Deserialization
csharp
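// VULNERABLE - BinaryFormatter (NEVER use with untrusted data)
// The payload itself names the types to instantiate, and known gadget chains turn that
// into code execution. The runtime now refuses it by default: disabled in .NET 7+
// (throws unless EnableUnsafeBinaryFormatterSerialization is set) and removed in .NET 9.
BinaryFormatter formatter = new BinaryFormatter();
object obj = formatter.Deserialize(stream); // RCE possible
// VULNERABLE - Other dangerous formatters (same root cause: type identity comes from the input)
// - SoapFormatter
// - NetDataContractSerializer
// - ObjectStateFormatter (ViewState)
// - LosFormatter
// SECURE - Use JSON.NET with TypeNameHandling.None: the target type is fixed by the
// generic argument, so any "$type" hint inside the JSON is ignored
JsonSerializerSettings settings = new JsonSerializerSettings {
    TypeNameHandling = TypeNameHandling.None // Default, safe
};
var parsed = JsonConvert.DeserializeObject<MyClass>(json, settings);
// SECURE - System.Text.Json has no type-name handling, so "$type" in the input cannot
// select a class to construct (fully qualified to avoid clashing with Newtonsoft's JsonSerializer)
var parsedStj = System.Text.Json.JsonSerializer.Deserialize<MyClass>(json);
// VULNERABLE - TypeNameHandling.Auto/All: a "$type" property in untrusted JSON chooses the
// class to construct, so any gadget type on the load path becomes reachable
JsonSerializerSettings unsafeSettings = new JsonSerializerSettings {
    TypeNameHandling = TypeNameHandling.All // DANGEROUS
};
// If a non-None setting is truly unavoidable, pair it with a SerializationBinder that
// allow-lists the exact expected types, and keep the endpoint away from untrusted callers.
// Check for ViewState vulnerabilities (older ASP.NET)
// If MAC validation disabled, can inject serialized objects (LosFormatter/ObjectStateFormatter).
// Defenses: keep MAC validation on (enableViewStateMac="false" is ignored on patched
// frameworks from 4.5.2 onward), enable viewStateEncryptionMode, and treat machineKey as
// a secret - a leaked key lets an attacker produce validly signed ViewState.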