Banner background image
Studio User Guide
Last updated Dec 20, 2023

ST-SEC-009 - SecureString Misusage

Rule ID: ST-SEC-009

Scope: Workflow


This rule checks whether the SecureString type is misused in the workflow. This string type is used when avoiding to store potentially sensitive strings as plain text.


The SecureString type should not be used for any purpose other than the intended one. Therefore, attempting to cast SecureString to String may be viewed as a security risk.

According to the official Microsoft documentation, if a String object contains any sensitive information, it raises the risk of the data being revealed after it is used.

In addition, the scope of SecureString type variables should be very limited, ideally in the same scope where they were created.

  • Description
  • Recommendation

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.