5 security tips for C# and .NET applications

5 simple security tips for your .NET applications

Lorena

When programming, one of the aspects we must take into account is the security of our code. We must maintain a balance between good practices, software performance, and software security.

From Dotnetsafer we want to give you some basic advice so you can start paying attention to the security of the code you write and make your .NET application secure.

As we mentioned before, these are basic aspects that any programmer could start implementing today. In this blog you have more articles with more advanced solutions and tips.

1. Avoid direct connections to databases.


Many times our applications require databases, and the easiest way to use these databases is through a connector from our application.

👉 In this example of a C# application in .NET we will use MySqlConnection.

To make a connection we would use a code like this:

This may be practical in terms of simplicity, but it is not practical in terms of safety.

In this way, we are exposing our server, port, username, and password to anyone who has access to the application.

How can we fix it?

Here we must take into account several aspects, one of them being how our application is structured and its needs.

In a simple way we could apply the following measures:

  • Do not use Universal Data Link (UDL) files
  • Encrypt the configuration files
  • Use Windows Authentication
  • Use Azure Key Vault Secret
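
The hard-coded pattern described above next to one way of keeping the credentials out of the assembly. This is an added example, not code from the original article or from Dotnetsafer; it assumes the MySql.Data NuGet package, and the host, database and APP_DB_* environment variable names are hypothetical.

```csharp
using System;
using MySql.Data.MySqlClient;

public static class Db
{
    // Weak: every value below ships inside the compiled assembly and can be
    // read back with a decompiler or a strings dump. (Constructed sample values.)
    public const string HardCoded =
        "Server=db.example.internal;Port=3306;Database=shop;Uid=app;Pwd=constructed-sample;";

    // Hardened: nothing sensitive is compiled in. The values come from the
    // process environment, which the host or a secret store populates.
    public static string FromEnvironment()
    {
        var builder = new MySqlConnectionStringBuilder
        {
            Server   = Require("APP_DB_HOST"),
            Port     = uint.Parse(Require("APP_DB_PORT")),
            Database = Require("APP_DB_NAME"),
            UserID   = Require("APP_DB_USER"),
            Password = Require("APP_DB_PASSWORD"),
        };
        return builder.ConnectionString;
    }

    // Fail closed: a missing setting stops start-up instead of silently
    // falling back to a default credential.
    private static string Require(string name) =>
        Environment.GetEnvironmentVariable(name) is { Length: > 0 } value
            ? value
            : throw new InvalidOperationException($"Missing required setting {name}");

    public static MySqlConnection Open()
    {
        var connection = new MySqlConnection(FromEnvironment());
        connection.Open();
        return connection;
    }
}
```

On a machine the user controls, these values are still readable by that user at run time, so this only removes the secret from the distributed binary.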

If we need complete and advanced security we recommend outsourcing the connections.

To outsource the connections we recommend the following article in which we explain in detail how to do it:

Another simpler and more efficient option would be to use the constants protection that takes care of protecting these connection strings and any vulnerable information.

You can do it for free: 👉 Start protecting my applications for free!

Here you can find out how it works: 👉 Constants Documentation

2. Data encryption in .NET


Whenever we work with data, whether it is application settings or user information, we must keep the data encrypted at all times.


For example, if you store files containing this information, they should not be in plain text. Here is a basic solution to the problem:

👉 DotnetsaferSecureFile.cs on Github

With this class you will be able to manipulate files with a little more security, for example:

This is a small example to start integrating security and encryption into the data handled by our application, both files, and strings, connections, documents, etc.

In this example we have seen that the password “passwordSecurity1234” is in the code. At first sight, that should not be so: the best option would be to keep this password outside the code and load it in a secure way, as we did, for example, with the MySQL connection strings using Azure Key Vault Secret.
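
One way to keep a file encrypted at rest using only the .NET base class library, with the password loaded from the environment instead of written in the code. This is an added example, not the DotnetsaferSecureFile.cs class referenced above; it assumes .NET 8, and the file layout, the iteration count and the APP_FILE_PASSWORD variable name are choices made for this illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class EncryptedFile
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, KeyLen = 32; // bytes
    const int Iterations = 600_000; // PBKDF2-HMAC-SHA256 work factor (assumed value)

    static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeyLen);

    // File layout: salt | nonce | tag | ciphertext
    public static void Write(string path, byte[] plaintext, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh for every write
        byte[] cipher = new byte[plaintext.Length];
        byte[] tag = new byte[TagLen];
        using (var aes = new AesGcm(DeriveKey(password, salt), TagLen))
            aes.Encrypt(nonce, plaintext, cipher, tag);
        using var file = File.Create(path);
        foreach (byte[] part in new[] { salt, nonce, tag, cipher })
            file.Write(part, 0, part.Length);
    }

    public static byte[] Read(string path, string password)
    {
        byte[] blob = File.ReadAllBytes(path);
        int header = SaltLen + NonceLen + TagLen;
        if (blob.Length < header) throw new CryptographicException("File too short.");
        byte[] salt = blob[..SaltLen];
        byte[] nonce = blob[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = blob[(SaltLen + NonceLen)..header];
        byte[] cipher = blob[header..];
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(DeriveKey(password, salt), TagLen);
        aes.Decrypt(nonce, cipher, tag, plain); // throws on wrong password or modified file
        return plain;
    }

    public static void Main()
    {
        string password = Environment.GetEnvironmentVariable("APP_FILE_PASSWORD")
            ?? throw new InvalidOperationException("APP_FILE_PASSWORD is not set");
        string path = Path.Combine(Path.GetTempPath(), "settings.enc");
        Write(path, Encoding.UTF8.GetBytes("constructed sample data"), password);
        Console.WriteLine(Encoding.UTF8.GetString(Read(path, password)));
    }
}
```

Because AES-GCM is authenticated, a file that has been altered on disk fails to decrypt instead of returning corrupted data.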

3. Using the Data Protection API in ASP.NET Core

In ASP.NET Core we could use IDataProtector to protect the information and documents that we manipulate in our applications.

This method is very simple to implement and has several features that make it really good.


Here we provide you with a solution to help you implement this class in a simple way.

👉 ProtectorHelper.cs on Github.

To use it in our ASP.NET Core application, in the ConfigureServices method of the Startup.cs class we will add

Then we’ll load it as a parameter in the constructor of the classes in which we want to use it, so we can encrypt the information with it, for example:
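
A small console program showing the registration, the constructor injection and the effect of the purpose string. This is an added example, not the ProtectorHelper.cs class referenced above; TokenService and the purpose strings are hypothetical names, and it assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection packages.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical service that receives the provider through its constructor.
public class TokenService
{
    private readonly IDataProtector _protector;

    public TokenService(IDataProtectionProvider provider) =>
        // The purpose string isolates this protector's payloads from all others.
        _protector = provider.CreateProtector("Example.TokenService.v1");

    public string Protect(string value) => _protector.Protect(value);
    public string Unprotect(string payload) => _protector.Unprotect(payload);
}

public static class Program
{
    public static void Main()
    {
        // The same registration that would go in ConfigureServices.
        var services = new ServiceCollection();
        services.AddDataProtection();
        services.AddTransient<TokenService>();
        using var provider = services.BuildServiceProvider();

        var tokens = provider.GetRequiredService<TokenService>();
        string payload = tokens.Protect("constructed-sample-value");
        Console.WriteLine(tokens.Unprotect(payload));

        // A protector created for a different purpose cannot read the payload.
        var other = provider.GetRequiredService<IDataProtectionProvider>()
                            .CreateProtector("Example.OtherFeature.v1");
        try { other.Unprotect(payload); }
        catch (CryptographicException) { Console.WriteLine("rejected: wrong purpose"); }
    }
}
```

Unprotect also throws CryptographicException for tampered payloads, so callers should treat that exception as untrusted input rather than as a server error.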

With these measures alone, our application will be much safer. Now we need to implement them correctly to ensure the safety of our customers.

4. Update the external dependencies and libraries.


This recommendation may be obvious, but not many people take it into account. When programming in .NET we make use of many libraries: many of them are offered by Microsoft, and others are developed by users or companies, like many of the NuGet packages.

It is important that we check which libraries our application is using and keep ourselves informed of any known vulnerabilities or possible security risks they may cause.

It is also important to take into account the version of the Framework we are using for our application, since it could have become obsolete and unmaintained and could be a security risk.

Here we provide you with information about the current framework versions:
.NET Framework 4.8, .NET Framework 4.7.2, .NET Framework 4.7.1, .NET Framework 4.7,
.NET Framework 4.6.2, .NET Framework 4.6.1, .NET Framework 4.6, .NET Framework 4.5.2,
.NET Framework 4.5.1, .NET Framework 4.5, .NET Framework 4, .NET Framework 3.5,
.NET Framework 3.0, .NET Framework 2.0, .NET Framework 1.1, .NET Framework 1.0

You can check the list here: https://docs.microsoft.com/es-es/dotnet/framework/migration-guide/versions-and-dependencies

For .NET Core you can check the versions here: https://dotnet.microsoft.com/download/dotnet-core

For .NET Standard you can find more information here: https://docs.microsoft.com/es-es/dotnet/standard/net-standard

In addition, here is a table with the known vulnerabilities of the most common .NET libraries:

| Library name | Registered vulnerabilities |
|---|---|
| system.net.http | 5 High Severity, 1 Medium Severity |
| system.io.pipelines | 1 High Severity |
| microsoft.aspnetcore.server.kestrel.core | 2 High Severity, 2 Medium Severity |
| system.net.websockets.websocketprotocol | 1 Medium Severity |
| microsoft.data.odata | 1 High Severity |
| microsoft.aspnetcore.websockets | 1 High Severity, 1 Medium Severity |
| system.security.cryptography.xml | 1 High Severity |
| microsoft.aspnetcore.server.kestrel.transport.abstractions | 1 High Severity |
| system.net.security | 3 High Severity, 1 Medium Severity |
| microsoft.aspnetcore.identity | 1 High Severity |

*This list has been provided by https://snyk.io/.

5. Use security systems and code obfuscation.

One of the most effective and simple solutions is to use a tool that takes care of protecting your application.


The above-mentioned security best practices are important for keeping your .NET application secure but are not sufficient to ensure the integrity of methods, connections, and other vulnerabilities.

At Dotnetsafer we offer you the possibility of protecting your applications for free and we provide you with more advanced protections and features so that you can adapt the security to the needs of your applications.

Advantages of using a security system for .NET

  • Avoid wasting time protecting your applications.
  • No security knowledge required.
  • It allows you to use various protections and features.
  • Incorporate the latest security techniques into your application with a couple of clicks.
  • Detects and corrects vulnerabilities automatically.
  • It allows you to focus on development and continuous integration without worrying about security, as it will run on its side.

And other advantages that make a security system save you time and money with the publication of your software.

👉 Another important aspect is that the development team's performance can be greatly reduced if we implement the protection manually: every time there is an update we will have to protect the application again, and development can become very tedious because the code is more difficult to understand, less practical and less optimal.

In addition, many of the protections that we can incorporate manually are at the level of connections, file manipulation, encryption and good practices in development, but for the software to be secure and to be able to guarantee the integrity of our intellectual property it is necessary to use more advanced methods and algorithms.

For example, Dotnetsafer offers protections such as:

  • Control flow: Modifies the flow of methods and scrambles them so that they cannot be represented. ✔
  • Constants protection: Encrypts and protects the application constants so that sensitive information cannot be obtained. ✔
  • Rename: Renames all types, classes, methods, and variables of our application so that the operation cannot be understood. ✔

And many more protections. If you want to know about all the protections that Dotnetsafer offers, we recommend you go to https://dotnetsafer.com/protections, where you will be able to obtain more information about each one of them in the documentation.

We hope this article has been helpful to you, and invite you to start protecting your applications for free and in a couple of clicks:
