Rules
Browse all 450 Microsoft C# rules.
Name can be simplified
Simplify member access
Member access should be qualified
Remove unnecessary cast
Open declaration can be removed
Use var
Prefer `var` over an explicit type in local variable declarations.
Use explicit type instead of var
Member access should be qualified
Add missing cases to switch statement
Add braces
Require braces around the bodies of if, else, for, while, and similar statements.
Use throw expression
Use object initializers
Prefer object initializers over separate property assignments.
Inline variable declaration
Use pattern matching to avoid as followed by a null check
Use pattern matching to avoid is check followed by a cast (without variable)
Use expression body for constructors
Use expression body for methods
Use expression body for operators
Use expression body for operators
Use expression body for properties
Use expression body for indexers
Use expression body for accessors
Use collection initializers
Prefer collection initializers over repeated `Add` calls.
Use coalesce expression
Prefer the null-coalescing operator `??` over equivalent conditionals.
Null check can be simplified (if null check)
Use null propagation
Prefer the null-conditional operator `?.` over null-check conditionals.
Use auto-implemented property
Use explicitly provided tuple name
Simplify default expression
Remove unreachable code
Use inferred member name
Use pattern matching to avoid is check followed by a cast (without variable)
Use local function instead of lambda
Add accessibility modifiers
Require explicit accessibility modifiers (e.g. `private`) on members.
Use 'is null' check
Deconstruct variable declaration
Add readonly modifier
Mark fields that are only assigned in the constructor as `readonly`.
Use conditional expression for assignment
Use conditional expression for return
Add parentheses for clarity
Add parentheses for clarity
Use language keywords instead of framework type names for type references
Convert anonymous type to tuple
Remove unused private member
Remove unread private member
Use expression body for lambdas
Use coalesce compound assignment
Fix formatting
Enforce consistent whitespace, indentation, and new-line formatting.
Remove unnecessary expression value
The value is unused
Remove unused parameter
Flag parameters that are never used by the method body.
Use expression body for local functions
Make local function static
Use simple using statement
Prefer the declaration-form `using` statement over a `using` block.
Make struct fields writable
using directive placement
Control whether `using` directives go inside or outside the namespace.
Use switch expression
Prefer a `switch` expression over a `switch` statement where applicable.
Use System.HashCode.Combine
Simplify interpolation
Add missing cases to switch expression
Require file header
Use coalesce compound assignment
Simplify conditional expression
Remove invalid global SuppressMessageAttribute
Avoid legacy format target in global SuppressMessageAttribute
Use pattern matching
Remove unnecessary suppression
Remove unnecessary suppression operator
Convert typeof to nameof
Use pattern matching (not operator)
Use pattern matching (IsNot operator)
Simplify new expression
Use target-typed `new()` when the type is apparent.
Remove unnecessary equality operator
Remove unnecessary discard
Simplify LINQ expression
Simplify LINQ type check and cast
Namespace does not match folder structure
Simplify object creation
Prefer null check over type check
Use file-scoped namespace
Use file-scoped namespace
Prefer file-scoped namespace declarations.
Simplify property pattern
Use tuple to swap values
Remove unnecessary lambda expression
Convert to top-level statements
Convert to 'Program.Main' style program
Use UTF-8 string literal
Nullable directive is redundant
Nullable directive is unnecessary
Struct can be made 'readonly'
Member can be made 'readonly'
Use pattern matching
Null check can be simplified (if null check)
Use primary constructor
Use collection expression for array
Use collection expression for empty
Use collection expression for stackalloc
Use collection expression for Create
Use collection expression for builder
Use collection expression for fluent
Use collection expression for new
Make anonymous function static
Prefer 'System.Threading.Lock'
Use unbound generic type
Use implicitly typed lambda
Simplify property accessor
Remove unnecessary suppression
Remove unnecessary unsafe modifier
Use conditional delegate call
Naming styles
Enforce naming conventions (e.g. PascalCase for public members).
Avoid multiple blank lines
Embedded statements must be on their own line
Consecutive braces must not have blank line between them
Blank line required between block and subsequent statement
Blank line not allowed after constructor initializer colon
Blank line not allowed after conditional expression token
Blank line not allowed after arrow expression clause token
Do not declare static members on generic types
Types that own disposable fields should be disposable
Avoid excessive parameters on generic types
Collections should implement generic interface
Abstract types should not have public constructors
Mark assemblies with CLSCompliantAttribute
Mark assemblies with AssemblyVersionAttribute
Mark assemblies with ComVisibleAttribute
Mark attributes with AttributeUsageAttribute
Define accessors for attribute arguments
Do not catch general exception types
Avoid catching `Exception` or `SystemException` broadly.
Implement standard exception constructors
Interface methods should be callable by child types
Use integral or string argument for indexers
Do not overload operator equals on reference types
Do not declare protected members in sealed types
Do not declare visible instance fields
Expose data through properties rather than public fields.
Static holder types should be Static or NotInheritable
Static holder types should not have default constructors
URI return values should not be strings
Types should not extend certain base types
Validate arguments of public methods
Null-check reference parameters of externally visible methods.
Do not raise exceptions in unexpected locations
Implement IEquatable when overriding Equals
Override Equals when implementing IEquatable
CancellationToken parameters must come last
Avoid using cref tags with a prefix
Do not pass literals as localized parameters
Specify IFormatProvider
Pass an explicit culture / format provider to formatting APIs.
Specify StringComparison for clarity
Specify StringComparison for correctness
Pass an explicit StringComparison to string operations.
Specify a culture or use an invariant version
P/Invokes should not be visible
Validate platform compatibility
Do not use OutAttribute on string parameters for P/Invokes
Validate platform compatibility
Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle'
Property, type, or attribute requires runtime marshalling
Method uses runtime marshalling when DisableRuntimeMarshallingAttribute is applied
Validate platform compatibility - obsoleted APIs
Invalid entry in code metrics configuration file
Use ArgumentNullException throw helper
Use ArgumentException throw helper
Use ArgumentOutOfRangeException throw helper
Use ObjectDisposedException throw helper
Consider making public types internal
Do not name enum values 'Reserved'
Identifiers should not contain underscores
Identifiers should differ by more than case
Identifiers should not have incorrect suffix
Do not prefix enum values with type name
Events should not have before or after prefix
Only FlagsAttribute enums should have plural names
Identifiers should not contain type names
Property names should not match get methods
Parameter names should match base declaration
Initialize reference type static fields inline
Avoid uninstantiated internal classes
Prefer jagged arrays over multidimensional
Override equals and operator equals on value types
Call GC.SuppressFinalize correctly
Call `GC.SuppressFinalize(this)` in Dispose implementations.
Test for empty strings using string length
Mark members as static
Mark members that do not access instance state as `static`.
Mark assemblies with NeutralResourcesLanguageAttribute
Avoid zero-length array allocations
Use `Array.Empty<T>()` instead of allocating an empty array.
Use property instead of Linq Enumerable method
Do not use Count()/LongCount() when Any() can be used
Do not use CountAsync/LongCountAsync when AnyAsync can be used
Use Length/Count property instead of Enumerable.Count method
Prefer strongly-typed Append and Insert method overloads on StringBuilder
Use AsSpan instead of Range-based indexers for string when appropriate
Use AsSpan or AsMemory instead of Range-based indexers for getting ReadOnlySpan or ReadOnlyMemory portion of an array
Use AsSpan or AsMemory instead of Range-based indexers for getting Span or Memory portion of an array
Use StringBuilder.Append(char) for single character strings
Prefer the memory-based overloads of ReadAsync/WriteAsync methods in stream-based classes
Prefer IsEmpty over Count when available
Use Environment.ProcessId instead of Process.GetCurrentProcess().Id
Avoid StringBuilder parameters for P/Invokes
Use Environment.ProcessPath instead of Process.GetCurrentProcess().MainModule.FileName
Use Environment.CurrentManagedThreadId instead of Thread.CurrentThread.ManagedThreadId
Do not use 'WhenAll' with a single task
Do not use 'WaitAll' with a single task
Provide memory-based overrides of async methods when subclassing 'Stream'
Use String.Contains(char) instead of String.Contains(string) with single characters
Call async methods when in an async method
Prefer awaiting async APIs over their blocking counterparts.
Prefer static HashData method over ComputeHash
Possible multiple enumerations of IEnumerable collection
Unnecessary call to 'Dictionary.ContainsKey(key)'
Prefer the IDictionary.TryGetValue(TKey, out TValue) method
Use Span<T>.Clear() instead of Span<T>.Fill()
Incorrect usage of ConstantExpected attribute
The parameter expects a constant for optimal performance
Use concrete types when possible for improved performance
Avoid using 'Enumerable.Any()' extension method
Use the 'StringComparison' method overloads to perform case-insensitive string comparisons
Prefer the 'IDictionary.TryAdd(TKey, TValue)' method
Unnecessary call to 'Contains' for sets
Cache and reuse 'JsonSerializerOptions' instances
Use a cached 'SearchValues' instance
Do not pass a nullable struct to 'ArgumentNullException.ThrowIfNull'
Prefer Convert.ToHexString and Convert.ToHexStringLower over call chains based on BitConverter.ToString
Use Path.Combine or Path.Join overloads
Dispose objects before losing scope
Dispose IDisposable objects before they go out of scope.
Do not lock on objects with weak identity
Do not directly await a Task
Call `ConfigureAwait(false)` on awaited tasks in library code.
Do not create tasks without passing a TaskScheduler
Do not call ToImmutableCollection on an ImmutableCollection value
Do not assign property within its setter
Do not use ReferenceEquals with value types
Do not define finalizers for types derived from MemoryManager<T>
Forward the CancellationToken parameter to methods that take one
The count argument to Buffer.BlockCopy should specify the number of bytes to copy
ThreadStatic fields should not use inline initialization
Prevent behavioral change caused by built-in operators of IntPtr/UIntPtr
Don't call Enumerable.Cast<T> or Enumerable.OfType<T> with incompatible types
Do not use StreamReader.EndOfStream in async methods
Do not pass 'IDisposable' instances into unawaited tasks
Prefer JsonElement.Parse over JsonDocument.Parse().RootElement
Review SQL queries for security vulnerabilities
Avoid building SQL command text from untrusted input.
Specify marshalling for P/Invoke string arguments
Seal methods that satisfy private interfaces
Avoid handling Corrupted State Exceptions
Initialize value type static fields inline
Instantiate argument exceptions correctly
Non-constant fields should not be visible
Do not call overridable methods in constructors
Dispose methods should call base class dispose
Disposable types should declare finalizer
Override GetHashCode on overriding Equals
Do not raise exceptions in exception clauses
Override Equals on overloading operator equals
Operator overloads have named alternates
Operators should have symmetrical overloads
Collection properties should be read only
Overload operator equals on overriding ValueType.Equals
Pass System.Uri objects instead of strings
Mark ISerializable types with SerializableAttribute
Provide correct arguments to formatting methods
Attribute string literals should parse correctly
Do not duplicate indexed element initializations
Do not assign a symbol and its member in the same statement
Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum
Provide correct enum argument to Enum.HasFlag
Consider using String.Contains instead of String.IndexOf
Opt in to preview features before using them
Named placeholders should not be numeric values
The ModuleInitializer attribute should not be used in libraries
All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface
Members defined on an interface with the 'DynamicInterfaceCastableImplementationAttribute' should be 'static'
Providing a 'DynamicInterfaceCastableImplementation' interface in Visual Basic is unsupported
Ensure ThreadStatic is only used with static fields
Implement generic math interfaces correctly
Do not use ConfigureAwaitOptions.SuppressThrowing with Task<TResult>
Prefer generic overload when type is known
Do not pass a non-nullable value to ArgumentNullException.ThrowIfNull
Do not compare Span<T> to null or default
File-based program entry point should start with #!
Do not use insecure deserializer BinaryFormatter
Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
Do not use insecure deserializer LosFormatter
Do not use insecure deserializer NetDataContractSerializer
Do not deserialize without first setting NetDataContractSerializer.Binder
Ensure NetDataContractSerializer.Binder is set before deserializing
Do not use insecure deserializer ObjectStateFormatter
Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
Do not use TypeNameHandling values other than None
Do not use insecure JsonSerializerSettings
Ensure that JsonSerializerSettings are secure
Do not deserialize with JsonSerializer using an insecure configuration
Ensure that JsonSerializer has a secure configuration when deserializing
Ensure DataTable.ReadXml()'s input is trusted
Ensure DataSet.ReadXml()'s input is trusted
Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
Unsafe DataSet or DataTable in serializable type
Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
Unsafe DataSet or DataTable in deserialized object graph
Unsafe DataSet or DataTable type in web deserialized object graph
Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
Review code for SQL injection vulnerabilities
Review code for file path injection vulnerabilities
Review code for information disclosure vulnerabilities
Review code for LDAP injection vulnerabilities
Review code for process command injection vulnerabilities
Review code for open redirect vulnerabilities
Review code for XPath injection vulnerabilities
Review code for XML injection vulnerabilities
Review code for XAML injection vulnerabilities
Review code for DLL injection vulnerabilities
Review code for regex injection vulnerabilities
Insecure Processing in API Design, XML Document and XML Text Reader
Mark verb handlers with ValidateAntiForgeryToken
Do not use weak cryptographic algorithms
Avoid broken/weak algorithms such as SHA1, MD5, DES, and RC2.
Do Not Use Broken Cryptographic Algorithms
Do not call dangerous methods in deserialization
Do not disable SChannel use of strong crypto
Potential reference cycle in deserialized object graph
Do not use deprecated security protocols
Do not serialize types with pointer fields
Set ViewStateUserKey For Classes Derived From Page
Do not use obsolete key derivation function
Do not use account shared access signature
Do not disable ServicePointManagerSecurityProtocols
Ensure key derivation function algorithm is sufficiently strong
Ensure certificates are not added to root store
Ensure use secure cookies in ASP.NET Core
Do not use digital signature algorithm (DSA)
Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size
Avoid hardcoding SecurityProtocolType value
Do not use weak key derivation function with insufficient iteration count
Ensure sufficient iteration count when using weak key derivation function
Do not add archive item's path to the target file system path
Use antiforgery tokens in ASP.NET Core MVC controllers
Use DefaultDllImportSearchPaths attribute for P/Invokes
Do not use unsafe DllImportSearchPath value
Miss HttpVerb attribute for action methods
Do not use deprecated SslProtocols values
Enable HttpClient certificate revocation list check
Ensure HttpClient certificate revocation list check is not disabled
Do not use CreateEncryptor with non-default IV
Use CreateEncryptor with the default IV
Do not disable token validation checks
Do not always skip token validation in delegates