DEV Community

Discussion on: Why you should protect your .NET applications

rojasjo

Hello,

I disagree that .NET Framework is unsafe too.
In computer science nothing is 100% safe.

In any software (mobile, web, desktop or whatever) you (DEVELOPER) have to sanitize user input and validate it to avoid SQL injection or other security issues.

Furthermore, DEVELOPERS HAVE TO read the documentation:
docs.microsoft.com/en-us/dotnet/fr....
If you are a web developer using .NET Core please read carefully:
docs.microsoft.com/en-us/aspnet/co....

Decompiling an application is a CRIME.
If somebody is wondering how to protect a .NET application against decompilation, I would suggest checking ConfuserEx (github.com/yck1509/ConfuserEx and yck1509.github.io/ConfuserEx/).

In my opinion you should point out that there are programming best and bad practices. If someone doesn't apply the best practices, that doesn't mean that PHP, C# or Java are not safe. His code is not safe. It is not the fault of the programming language or framework.

However, I totally agree with you: we DEVELOPERS have to protect our application, customer and user data.

ByteHide

Hello!

I think you misunderstood me in that respect, but that is my fault; I didn't express myself well.

I don't want to blame .NET for being insecure, I don't accuse it as a language with vulnerabilities or anything like that, what I wanted to show is that just by clicking to compile, your application is not secure at all.

As I said in a previous comment, that the application can be decompiled does not determine everything, the most important thing is how you develop it, as you say, EVERYTHING is insecure, and EVERYTHING can be achieved, you see attacks on companies that invest millions of dollars in security, and yet sometimes suffer these attacks.

My goal was not to discredit .NET as a vulnerable language, but it is one of the languages where reverse engineering is more present. But like all languages really.

My goal is to make people aware of the need to take these aspects into account, but obviously, not only to use a security system, but to have good practices when programming and structuring everything correctly based on the security of our software.

The two articles you sent are very good, and I plan to upload articles of good practices regarding security in .NET. Would you find them interesting?

One piece of advice: I personally don't recommend ConfuserEx, and I'll tell you why. It's wonderful, but it's open source. This may seem good (and in part it is), but it has made it easier to study how it works and how to remove the security it offers. On the other hand, it has been used by many people who encrypted malicious software to prevent antivirus from detecting it, and for that reason it often generates false positives when you protect your application. Basically I tell you from experience: in our development team anyone can remove its security in a few seconds.

But it's much better to use it than not to use it at all. That's for sure.

Another thing, many times I have read that it is a CRIME to decompile code, it is true, but a sad reality is that it happens, shoplifting is a crime, and yet you will always see the security guard at the door.

Thank you for your comment,

I would really like to know if you would like me to upload articles about good security practices and security tips in general for .NET, I would really appreciate your response.

Have a great day, and keep programming a lot of code 🖥, but safe 🛡😝!