JosephKuper-7793 asked TianyuSun-MSFT edited

.NET - Protecting Code from Malicious Attacks

With the evolution of code and software also comes the evolution of the hacker/cracker.

Does anyone have a link to a product or article that details the most current "Best Practice" on how developers can protect their code, and in turn, protect their clients who use their software?

To be more specific with this question, let me provide a brief scenario, as there are two key aspects to consider:

  • A company develops security software for a major utility. Their core language is C#, and all developers in their company are using the latest Visual Studio. The C# code has many libraries and external references from GitHub and other sources.

  • Now a hacker/cracker gets their hands into one of the GitHub libraries and alters its code to expose any user of their vulnerabilities. The very same GitHub library that the software developers use in their product.

Aspect one: Is there a tool, article, or best practice guide for something out there today that can be utilized in Visual Studio to protect code from these types of attacks? (described above)
Aspect two: Is there a tool, article, or best practice guide that details unit test purging of any sensitive data? Example: a developer accidentally uses real usernames and passwords in their unit test. Yes, they should not do this. But human error is an evident part of our world. Is there something we can put in place to help with this?

Thanks so much for any links or descriptions that may help.



dotnet-csharp

This question is very broad. You will get better responses if you show us what you have already found by searching and explain why none of them are satisfactory.


My apologies for the broad question. The intent I had was to see if anyone had experience in this scenario and what they would recommend moving forward.

The foundation of this question is inspired by this article: https://www.securityweek.com/vulnerabilities-visual-studio-code-extensions-expose-developers-attacks

The idea was to trigger a discussion about how experienced developers would deal with this issue. There seem to be many products/ideas/solutions such as:
https://visualstudiomagazine.com/articles/2021/04/28/vs-code-mitre.aspx

From a consumer standpoint (us as developers), what does the community see as best practice?

cheong00 answered

FYI, in your VS2015+ IDE project settings -> "Code Analysis" you can enable code analysis on build with different rules (say, "Microsoft Security Rules", or import customized rulesets).

The basic idea is to get rid of coding patterns that are likely to introduce vulnerabilities.

vb2ae answered