Many times we have heard that security is one of the most important aspects in relation to computer software and systems.
But… 🤔 Do we really know what could happen if we don’t protect our software? And do we know how we should do it?
The source code of almost any application can be exposed fairly easily, and with .NET it is even easier.
How easy is it to access our code?
In short, very easy 😕. There are programs called de-compilers, which perform the reverse operation of a compiler: they take your compiled application and display its code. 💻
Exposed code lets attackers cause various problems:
- Modify your applications.
- Steal or copy important code from your applications, such as exclusive functions or private methods of your company.
- Skip or alter security, license or login systems of your applications.
- Distribute unauthorized copies of your application.
- Access your servers, databases or obtain sensitive information about your users.
And there are endless other possibilities that will make your applications insecure and make your customers hesitate to use them.
In this example, we will show how easy it is to de-compile an application and see its original source code. Yes, the code that the employees of your company, your programming group or perhaps you yourself worked so hard to develop is within reach of anyone, with no knowledge of reverse engineering, using a simple tool.
👉 This is a simple application, which simply requires a password.
We might think that this application, compiled to an .exe or .dll, is safe, but in a few seconds we can get all the code.
In this example, we will use dnSpy, a well-known decompiler for .NET applications.
Just by dragging the application into the de-compiler, we can see the password it asks for. This is just an example, but in the same way we could obtain more compromising functions, database connections, passwords…
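The same exposure can be checked from the defender's side before a release. The following Python script is an added example, not part of the original article or of any tool it mentions: it lists the UTF-16LE string literals present in a build file and flags those shaped like credentials or connection strings. The pattern list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# .NET stores string literals as UTF-16LE, so each ASCII character is
# followed by a 0x00 byte. Match runs of four or more such characters.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Assumed key=value patterns for credentials and connection strings.
SUSPICIOUS = re.compile(
    r"(password|passwd|pwd|secret|api[_-]?key|token|accountkey"
    r"|server|data source|user id)\s*=",
    re.IGNORECASE,
)

def utf16_literals(data: bytes):
    """Yield (offset, text) for every UTF-16LE string run in the file."""
    for match in UTF16_RUN.finditer(data):
        yield match.start(), match.group().decode("utf-16-le")

def find_embedded_secrets(data: bytes):
    """Return literals that look like credentials or connection strings.

    A bare password literal has no recognisable shape, so it appears only
    in the full utf16_literals() listing and needs a manual review.
    """
    return [(off, s) for off, s in utf16_literals(data) if SUSPICIOUS.search(s)]

def sample_assembly() -> bytes:
    """Constructed stand-in for a compiled file: binary filler plus literals."""
    literals = [
        "Enter password:",
        "letmein-demo",  # constructed bare password literal
        "Server=db.example.invalid;User Id=app;Password=demo-only;",
        "Access granted",
    ]
    blob = b"MZ\x90\x00" + bytes(range(0x80, 0xA0))
    for text in literals:
        blob += b"\x01" + text.encode("utf-16-le") + b"\x00\xff\xfe"
    return blob

if __name__ == "__main__":
    # Usage: python scan_literals.py path/to/your/build.dll (sample data if omitted)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_assembly()
    for off, s in utf16_literals(data):
        flag = "SECRET?" if SUSPICIOUS.search(s) else ""
        print(f"0x{off:06x}  {flag:8}{s}")
    sys.exit(1 if find_embedded_secrets(data) else 0)
```

The non-zero exit code when a flagged literal is found lets the script fail a build step, so the secret is moved out of the binary before it ships.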
What happens if we develop open source?
We often think that when developing open source applications we don’t need to protect the source code because it is publicly available to everyone.
And this is true, but not always 😧.
When the code is published, we obviously do not need to protect it, but if we publish open source applications under our name or brand, we may still have problems.
Attackers could easily modify the applications we offer under our brand.
Surely you wouldn’t want an attacker to be able to modify your applications and add “illegal” features such as phishing methods, or features to steal sensitive information, and then have that application spread over the Internet carrying your name or brand.
Sensitive information in applications.
Just because our application is open source, or free, does not mean that it does not contain sensitive information such as connections to databases, storage servers or services like Azure. If we do not protect this sensitive information, we make it easier for attackers to steal it or to access these servers or services.
To guarantee security to our users.
Even if we publish free applications or free tools, we should always ensure the safety of our users and guarantee a minimum of security so that they can enjoy our services without worries.
So how should I do it?
If we talk about security, there are different ways to protect our applications, from copyright and legal documents to tools that protect our source code.
To start adding security to your applications easily and for free, we recommend that you register at dotnetsafer, where we also provide some free tips to start implementing security in your applications in a very short time and without advanced security knowledge.