
Why BinaryFormatter is the most dangerous function in .NET

Authors: Krashkin G.A., Glinskaya E.V.
Published in issue: #3(104)/2026


Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security

Keywords: data exchange, web applications, insecure deserialization, .NET vulnerabilities, code execution, BinaryFormatter, application security
Published: 03.06.2026

The article explores the risks of using unsafe deserialization in web applications on the .NET Core platform. A critical vulnerability is identified that allows an attacker to execute arbitrary code on the server. Practical recommendations are provided for replacing outdated components and implementing secure coding methods. The research results will help software developers eliminate common errors and improve the overall security of applications, an important and timely contribution to solving current information security issues in modern software solutions based on the .NET Core platform, which are widely used in corporate environments.

