Allowing users to provide data for deserialization generally creates more problems than it solves. Anything that can be done through deserialization can generally be done with more secure data structures. Therefore, our first suggestion is to avoid deserialization in the first place. However, if deserialization mechanisms are valid in your context, here are some security suggestions.
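The first suggestion above, as an added example that is not from the original page: rather than deserializing native objects from user input, parse plain JSON and copy only allow-listed, type-checked fields into a fixed record. The `Profile` type, its fields, the size limit and the role names are assumptions made for this illustration.

```python
import json
from dataclasses import dataclass

MAX_BYTES = 4096                      # assumed size limit for this example
ALLOWED_ROLES = {"viewer", "editor"}  # assumed role names
FIELDS = {"username", "age", "roles"}

@dataclass(frozen=True)
class Profile:  # hypothetical record type; plain data, no behaviour
    username: str
    age: int
    roles: tuple

def _no_duplicates(pairs):
    # json.loads keeps the last value of a repeated key; reject it instead
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")
    return dict(pairs)

def parse_profile(raw: bytes) -> Profile:
    """Build a Profile from untrusted bytes without native object deserialization."""
    if len(raw) > MAX_BYTES:
        raise ValueError("payload too large")
    try:
        doc = json.loads(raw.decode("utf-8"), object_pairs_hook=_no_duplicates)
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise ValueError("not valid JSON") from exc
    if not isinstance(doc, dict) or set(doc) != FIELDS:
        raise ValueError("unexpected or missing fields")
    username, age, roles = doc["username"], doc["age"], doc["roles"]
    if not isinstance(username, str) or not 1 <= len(username) <= 32:
        raise ValueError("bad username")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        raise ValueError("bad age")
    if not isinstance(roles, list):
        raise ValueError("bad roles")
    if not all(isinstance(r, str) and r in ALLOWED_ROLES for r in roles):
        raise ValueError("unknown role")
    return Profile(username, age, tuple(roles))

# Constructed sample input for this example
SAMPLE = b'{"username": "alice", "age": 30, "roles": ["viewer"]}'
```

The parser only ever produces strings, integers and a tuple of known role names, so no type or code chosen by the sender is instantiated.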