Creating Secure .NET Applications
Courtesy Sam Nasr, VisualStudioMagazine
Application security is always an important topic in day-to-day development, but it doesn’t always get the attention it deserves. There are many reasons you should be concerned with security. Over the years the value of data — to corporations and hackers alike — has increased significantly. Corporations of all sizes have much at risk, including customer credit-card numbers, Social Security numbers and patient information.
However, hackers aren’t always trying to steal information. Hackers of religious and political organizations often attempt to deface a site in the hopes of giving an organization negative publicity. Other times the intent is to cripple the site and take it offline, or completely take over the server and use it to attack other servers. Regardless of the scenario, application security is a necessity for every organization.
Application security is a broad topic, covering all aspects of IT (servers, networking, applications, databases and more). I won’t be able to cover all aspects in this article; my goal is to address some utilities in the Microsoft .NET Framework that are often overlooked. The primary utilities I’ll discuss are SN.exe, Dotfuscator and SignTool.exe. To demonstrate these tools, I’ll create a sample application that will serve as the basis for demonstrating all three utilities.