Dotnetsafer

✅ INCREASE the Security of your .NET Applications (5 Tips to follow RIGHT NOW)

When programming, one of the aspects we must take into account is the security of our code. We must maintain a balance between good practices, software performance, and software security.

At Dotnetsafer we want to give you some basic advice so you can start paying attention to the security of the code you write and make your .NET applications secure.


1. Avoid direct connections to databases.

Our applications often require databases, and the easiest way to use them is through a connector in the application itself.
In this example of a C# application in .NET we will show the MySqlConnection connector.

To make a connection we would use code like this 👇

using MySql.Data.MySqlClient;

// Insecure on purpose: server, port, username and password are hard-coded.
string connectionString =
    "datasource=dev.dotnetsafer.com;" +
    "port=3306;" +
    "username=root;" +
    "password=secret;database=test;";
MySqlConnection databaseConnection = new MySqlConnection(connectionString);

In this way, we are exposing our server, port, username, and password to anyone who has access to the application.


How can we fix it? 🤔

Here we must take into account several aspects, one of them being how our application is structured and its needs.

In a simple way we could apply the following measures 👇

  • Don't use Universal Data Link (UDL) files
  • Encrypt the configuration files
  • Use Windows Authentication
  • Use Azure Key Vault secrets

⚠ WARN: If we need complete and advanced security we recommend outsourcing the connections.
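One way to apply the Azure Key Vault measure from the list above, as an added example that is not code from the original post. It assumes the NuGet packages Azure.Identity, Azure.Security.KeyVault.Secrets and MySql.Data; the KEY_VAULT_URI environment variable and the secret names mysql-username and mysql-password are hypothetical.

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using MySql.Data.MySqlClient;

public static class DatabaseConnectionFactory
{
    public static MySqlConnection Create()
    {
        // Hypothetical setting: the vault address comes from the environment,
        // so no credential or vault name is compiled into the assembly.
        string vaultUri = Environment.GetEnvironmentVariable("KEY_VAULT_URI")
            ?? throw new InvalidOperationException("KEY_VAULT_URI is not set.");

        // DefaultAzureCredential uses a managed identity when running in Azure
        // and the developer's own sign-in on a workstation.
        var client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());

        // Hypothetical secret names; GetSecret returns Response<KeyVaultSecret>.
        KeyVaultSecret user = client.GetSecret("mysql-username").Value;
        KeyVaultSecret password = client.GetSecret("mysql-password").Value;

        // The builder escapes values correctly, unlike string concatenation.
        var builder = new MySqlConnectionStringBuilder
        {
            Server = "dev.dotnetsafer.com",
            Port = 3306,
            Database = "test",
            UserID = user.Value,
            Password = password.Value
        };
        return new MySqlConnection(builder.ConnectionString);
    }
}
```

The credentials now live only in the vault and in process memory, so rotating them does not require rebuilding or redeploying the application.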


2. Data encryption in .NET

Whenever we work with data, whether it is application settings or user information, we must keep the data encrypted at all times.
With the DotnetsaferSecureFile class you will be able to manipulate files with a little more security, for example 👇

// To save a file:
DotnetsaferSecureFile.WriteAllText("example.txt", "The user Pedro has registered in https://dotnetsafer.com", "passwordSecurity1234");
// To load this file:
var data = DotnetsaferSecureFile.ReadAllText("example.txt", "passwordSecurity1234");

This is a small example to start integrating security and encryption into the data handled by our application: files, strings, connections, documents, etc.

In this example the password “passwordSecurity1234” is hard-coded in the source. That should not be so: the best option would be to outsource this password and load it in a secure way, as we did, for example, with the MySQL connection strings using Azure Key Vault Secret.


3. Using the Data Protection API in ASP.NET Core

In ASP.NET Core we can use IDataProtector to protect the information and documents that we manipulate in our applications.
This method is very simple to implement and has several features that make it really good.

To use it, in the ConfigureServices method of the Startup.cs class of our ASP.NET Core application we will add 👇

public void ConfigureServices(IServiceCollection services)
{
    // Registers the Data Protection services
    services.AddDataProtection();
    // ProtectorHelper is the application's own helper class
    services.AddTransient<ProtectorHelper>();
}

Then we'll receive it as a parameter in the constructor of the classes in which we want to use it, so we can encrypt the information, for example:

public Class1(ProtectorHelper protectionHelper)
{
    // fileData holds the user's file contents (loaded elsewhere in the class).
    // This will cause a user's file to be encrypted and expire in 5 hours,
    // i.e. after 5 hours, it cannot be decrypted by anyone.
    var userFile = protectionHelper.Encrypt(fileData, TimeSpan.FromHours(5));
}

With these measures alone our application will be much safer. Now we need to implement them correctly to ensure the safety of our customers.


4. Update the external dependencies and libraries.

This recommendation may be obvious, but not many people take it into account when programming in .NET. We make use of many libraries: many of them are offered by Microsoft, and others are developed by users or companies, like many of the NuGet packages.

It is important that we check which libraries our application is using and stay informed of any known vulnerabilities or possible security risks they may cause.

It is also important to take into account the version of the Framework we are using for our application, since it could have become obsolete and unmaintained and could be a security risk.

Here we provide you with information about the current framework versions 👇

C# external dependencies and libraries

In addition, a table with the known vulnerabilities of the most common .NET libraries 👇

C# external dependencies and libraries


5. Use security systems and code obfuscation.

One of the most effective and simple solutions is to use a tool that takes care of protecting your application.

The above-mentioned security best practices are important for keeping your .NET application secure but are not sufficient to ensure the integrity of methods, connections, and other vulnerabilities.

At Dotnetsafer we offer you the possibility of protecting your applications for free and we provide you with more advanced protections and features so that you can adapt the security to the needs of your applications.

Advantages of using a security system for .NET

  • Avoid wasting time protecting your applications.

  • No security knowledge required.

  • It allows you to use various protections and features.

  • Incorporate the latest security techniques into your application with a couple of clicks.

  • Detects and corrects vulnerabilities automatically.

  • It allows you to focus on development and continuous integration without worrying about security, as it will run on its side.

And other advantages that make a security system save you time and money with the publication of your software.

Another important aspect is that the development team's performance can drop considerably if we implement the protection manually: every time there is an update we will have to protect the application again, and development can become very tedious because the code is more difficult to understand, less practical and less optimal.

In addition, many of the protections that we can incorporate manually are at the level of connections, file manipulation, encryption and good practices in development. But for the software to be secure and to be able to guarantee the integrity of our intellectual property it is necessary to use more advanced methods and algorithms.

For example, Dotnetsafer offers protections such as:

  • Control flow: Modifies the flow of methods and scrambles it so that it cannot be reconstructed.

  • Constants protection: Encrypts and protects the application constants so that sensitive information cannot be obtained.

  • Rename: Renames all types, classes, methods, and variables of our application so that its operation cannot be understood.

And many more protections. If you want to know about all the protections that Dotnetsafer offers, we recommend you go to the Protections section.


And as always, if you are reading this, it means that you belong to the 1% of people who read the articles UNTIL THE END. Comment with locks 🔒 from 1 to 5 to tell me how much you want to read the second part.

If I see many I will upload more advanced tips!! 😃

Discussion (10)

Sofiane B

🔒🔒🔒🔒🔒 Good content, I would be glad to read the second part, especially if it dives into encryption, hashing and authentication

Dotnetsafer Author

Well, we are preparing a very interesting guide, would you like us to send it to you?

Sofiane B

Yes, sure

Lorena-2307 • Edited

Helpful content 🔒🔒🔒🔒🔒

Dotnetsafer Author

Thanks!

zaira69yt

🔒🔒🔒🔒🔒 Sureee, show me more advanced security tips! Thanks :D

Dotnetsafer Author

We are preparing a guide!

jboada

🔒🔒🔒🔒🔒

Julien

🔒🔒🔒🔒🔒

Dotnetsafer Author

Thank you very much, we are glad you liked it!