Rating: 0 out of 5 stars
0 ratings
Ebook71 pages18 minutes
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
By Slava Gomzin
Rating: 0 out of 5 stars
()
About this ebook
Booklet for developers and security professionals on how to implement code obfuscation, .NET strong name signing, and Authenticode code signing in order to protect applications deployment. The guide contains detailed description of different code signing implementation options from basic software to sophisticated hardware solution.
Topics include: reasons to implement code obfuscation and signing, obfuscation and strong name signing dependencies, description of Authenticode signing process, singing certificates and certificate authorities, signing certificate private key storage: hardware vs. software, three ways to implement code signing, and more (Article: ~4,460 words).
Table of Contents includes:
1. Introduction
Several Reasons to Implement Code Obfuscation and Signing
Additional Benefits of Strong Name Signing
Additional Benefits of Authenticode Signing
2. Code Obfuscation and Strong Name Signing
Code Obfuscation Tools
Obfuscation Project and Strong Name Signing
Obfuscation and Strong Name Signing from Command Line
3. Authenticode Code Signing
Code Signing
Digital Signatures
How Code Signing Works
Authenticode
Code Signing Certificate
X.509 Standard
Obtaining Code Signing Certificate
Signing Certificate Pricing
Code Signing Certificate Storage: Hardware vs. Software
Time Stamping
Certificate Validity (Expiration Date)
4. Implementing Authenticode Signing
Code Signing Process à la Microsoft
Code Signing Implementation Options: Advantages, Disadvantages, Costs
Option 1: “Full Hardware”
Option 2: “Basic Software”
Option 3: “Combined Software/Hardware”
5. Tips on Implementing “Combined Software/Hardware” Option
Requirements to Signing Application
6. Tips on Implementing “Basic Software” Option
Installing Code Signing Certificate on Signing Server
SignTool
Installing SignTool
Using SignTool
5. Testing
Testing Obfuscation
Testing Strong Name Signatures
Testing Authenticode Signatures
6. Resources
Tools and Products
Authenticode Certificates Offered by Public Certificate Authorities
Online Authenticode Timestamping Services
Standards
Articles
Books
About the Author
Slava Gomzin, CISSP, ECSP, Security+ has more than 15 years of professional experience in software development and application security. He is Security Architect at Retalix USA.
Author
Slava Gomzin
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.
Read more from Slava Gomzin
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless Protecting Confidential Information: How to Securely Store Sensitive Data Rating: 0 out of 5 stars0 ratingsSecuring Email Communication: How to Protect Your Correspondence from Wiretapping Using Free Tools Rating: 0 out of 5 stars0 ratingsSecuring .NET Web Services with SSL: How to Protect “Data in Transit” between Client and Remote Server Rating: 0 out of 5 stars0 ratings
Related to Securing Application Deployment with Obfuscation and Code Signing
Related ebooks
Easy Private Browsing: How to Send Anonymous Email, Hide Your IP address, Delete Browsing History and Become Invisible on the Web Rating: 0 out of 5 stars0 ratingsThe Concise Guide to SSL/TLS for DevOps Rating: 5 out of 5 stars5/5Dictionary of Information Security Rating: 1 out of 5 stars1/5CheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 5 out of 5 stars5/5Practical VoIP Security Rating: 0 out of 5 stars0 ratingsEleventh Hour Linux+: Exam XK0-003 Study Guide Rating: 4 out of 5 stars4/5CISSP Study Guide Rating: 3 out of 5 stars3/5SSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratings10 Things That Used to be Good Ideas in Data Security Rating: 0 out of 5 stars0 ratingsManaging Cisco Network Security Rating: 3 out of 5 stars3/5Rumi's Little Book of Life: The Garden of the Soul, the Heart, and the Spirit Rating: 4 out of 5 stars4/5The Best Damn Cisco Internetworking Book Period Rating: 5 out of 5 stars5/5Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit Rating: 2 out of 5 stars2/5Managing Information Security Rating: 5 out of 5 stars5/5Wireless Hacking: Projects for Wi-Fi Enthusiasts: Cut the cord and discover the world of wireless hacks! Rating: 5 out of 5 stars5/5CISSP Practice Exams, Fourth Edition Rating: 5 out of 5 stars5/5No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Rating: 4 out of 5 stars4/5Security Risk Management: Building an Information Security Risk Management Program from the Ground Up Rating: 4 out of 5 stars4/5Hardware Hacking: Have Fun while Voiding your Warranty Rating: 5 out of 5 stars5/5Low Tech Hacking: Street Smarts for Security Professionals Rating: 3 out of 5 stars3/5Cuckoo Malware Analysis Rating: 0 out of 5 stars0 ratingsSecuring Windows: How to Protect Your Computer Properly Rating: 0 out of 5 stars0 ratingsSecuring Cloud Services: A pragmatic approach to security architecture in the Cloud Rating: 0 out of 5 stars0 ratings
Related podcast episodes
Morepath with Martijn Faassen 0% found this document usefulISC StormCast for Friday, November 3rd 2017: Leaked Code-Signing Keys; Popular iOS Apps Do Not Use TLS Correctly; 0% found this document useful#35: Serverless at MatHem with Lars Jacobsson 0% found this document usefulEpisode 54: 054 AiA Immutability with Angular with Minko Gechev 0% found this document useful#564 - vSphere Mobile Client w/VMware's Sivakarthi S: #564 - vSphere Mobile Client w/VMware's Sivakarthi S 0% found this document usefulTara Ojo - Part 1: Software Engineer at Google, MAANG technical interview preparation, junior to senior SWE journey 0% found this document usefulWhat did paypal-scripts do? 0% found this document useful
Related articles
Next issue FREE SOFTWARE 2023! Computer MusicArticle
Next issue FREE SOFTWARE 2023!
Nov 30, 2022
1 min readMacKiev Releases FTM Update Despite Russia’s Invasion Of Ukraine Who Do You Think You Are?Article
MacKiev Releases FTM Update Despite Russia’s Invasion Of Ukraine
Sep 20, 2022
1 min readAphex Twin Releases Samplebrain, A Free And Open-source "Custom Sample Mashing App" Electronic MusicianArticle
Aphex Twin Releases Samplebrain, A Free And Open-source "Custom Sample Mashing App"
Oct 18, 2022
1 min readLetter Of The Month Linux FormatArticle
Letter Of The Month
Apr 5, 2022
1 min readOops… CQ Amateur RadioArticle
Oops…
Aug 1, 2022
1 min readSuitable For Programmers? Linux FormatArticle
Suitable For Programmers?
Feb 8, 2022
1 min readLetter Of The Month Linux FormatArticle
Letter Of The Month
Apr 5, 2022
1 min readScripts Computer MusicArticle
Scripts
Jul 15, 2020
Infinity uses the coding language Python for its scripting, and, as mentioned, scripts form the basis of many of the editing processes, including the Note Editor, Chord Creator, the four Mapper options (Beat, Panning, Pitch and Volume) and Audioshop
1 min readEvery Second Counts Computer MusicArticle
Every Second Counts
May 18, 2022
Sinevibes Skew has numerous points of difference from many of the other audio reversing plugins out there. One particularly noticeable aspect of the plugin is the removal of processing lag – very welcome it is too. And then there is the smooth way we
1 min readTiimo – Visual Daily Planner APCArticle
Tiimo – Visual Daily Planner
Sep 5, 2022
There are plenty of day planner apps out there, but few that are made for neurodiverse users with conditions ranging from autism to ADHD. Tiimo aims to fill that niche. That’s not to say you can’t use it if your needs are different. The app will appe
2 min read10 Change History States And Recent Files List Practical PhotoshopArticle
10 Change History States And Recent Files List
Sep 28, 2021
1 min readOpen Source Graphics Linux FormatArticle
Open Source Graphics
Jun 28, 2022
1 min readMicrosoft Drops ‘Word Windows’ Trademark Case Against UK Teacher ComputeractiveArticle
Microsoft Drops ‘Word Windows’ Trademark Case Against UK Teacher
Oct 26, 2022
The UK inventor of a reading tool has settled a trademark dispute with Microsoft by changing its name from Word Windows to Word Window. Kate McKenzie, a teacher from Northampton, had created the handheld tool (pictured) to assist children who had pro
1 min readMaking A Skin APCArticle
Making A Skin
Aug 10, 2020
1 min readMicrosoft’s Adverts Are ‘Shamelessly Misleading’ ComputeractiveArticle
Microsoft’s Adverts Are ‘Shamelessly Misleading’
Sep 28, 2022
1 min readGenerating Hills Linux FormatArticle
Generating Hills
Sep 21, 2021
An example of how to create a hill effect is given in the Python script file simple_hill_road.py. From viewing the code, you will see that new variables have been added to create the hill effect. hill_ position, hill_velocity, hill_acceleration and h
1 min readSubscribe Now Never Miss An Issue Airgun ShooterArticle
Subscribe Now Never Miss An Issue
Nov 2, 2021
1 min readRepair Old Photos With A Single Click Family Tree UKArticle
Repair Old Photos With A Single Click
Jul 9, 2021
Photo Repair is the latest addition to the MyHeritage toolbox, offering a simple way to repair old photos via a ‘Repair’ button that automatically appears when it detects a damaged image. Whilst the ‘gentle repair’ option will fix most common damage,
1 min readEditor’s Note Practical PhotoshopArticle
Editor’s Note
Jul 28, 2021
1 min readQuick Tip Linux FormatArticle
Quick Tip
Jun 1, 2021
If you want to jump to a specific function in the code, instead of scrolling through lines and lines of code, just use the IDE’s search function (if it has one). It’s usually invoked by pressing (Ctrl+F). Type in your search term and then click the S
1 min readRare Form PC Gamer (US Edition)Article
Rare Form
Aug 10, 2021
1 min readQuick Tip Linux FormatArticle
Quick Tip
Sep 22, 2020
The next logical step would be to replace our resources with your own custom creations. A good place to begin would be altering the colours of our images in Gimp. Thanks to young Python developer Julian Meyer for the original idea behind this game
1 min readHomeBank ComputeractiveArticle
HomeBank
Jul 14, 2021
2 min readWhiteboard Or Notepad? Linux FormatArticle
Whiteboard Or Notepad?
Jul 26, 2022
1 min readFrom the Editor ComputeractiveArticle
From the Editor
Nov 17, 2021
1 min readSoftware To Watch Electronic MusicianArticle
Software To Watch
Nov 22, 2022
The mighty morphing EQ is all about modulation, taking its filter bands on rhythmic, programmable journeys and bringing the EQ to producers’ consciousness as not just a mixing tool but a full-on creative effect – especially thanks to its series/paral
1 min readTiimo – Visual Daily Planner MacFormatArticle
Tiimo – Visual Daily Planner
Jul 26, 2022
A good planning app with clear visuals, but be ready for some irritations. ★★★☆☆ Good visual style Lots of premade routines Checklist logic needs work Interface issues There are plenty of day planner apps out there, but few that are made for neurodiv
2 min readRelated Projects APCArticle
Related Projects
Apr 18, 2022
You can assess the popularity and usefulness of fzf by the fact that the project maintains a list of related projects on its Github hosted wiki (https://github.com/junegunn/fzf/wiki/ related-projects). This is a collection of other tools and utilitie
1 min readTake Stock Of Your Stuff This Old HouseArticle
Take Stock Of Your Stuff
Feb 28, 2020
1 min readBCUninstaller ComputeractiveArticle
BCUninstaller
Jul 28, 2021
I install a huge amount of software – some good (the programs we recommend each fortnight), some awful (the stuff you don’t hear about, unless we’re telling you to avoid it). Consequently, my poor hard drive gets cluttered in no time. Back in Issue 5
2 min read
Reviews for Securing Application Deployment with Obfuscation and Code Signing
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Securing Application Deployment with Obfuscation and Code Signing - Slava Gomzin
Securing Application Deployment with Obfuscation and Code Signing
How to Create 3 Layers of Protection for .NET Release Build
Application Security Series
Slava Gomzin
Cover Photo and Design: Alisa Levy
Smashwords Edition
Copyright © 2012 Slava Gomzin
Table of Contents
1. Introduction
Several Reasons to Implement Code Obfuscation and Signing
Additional Benefits of Strong Name Signing
Additional Benefits of Authenticode Signing
2. Code Obfuscation and Strong Name Signing
Code Obfuscation Tools
Obfuscation Project and Strong Name Signing
Obfuscation and Strong Name Signing from Command Line
3. Authenticode Code Signing
Code Signing
Digital Signatures
How Code Signing Works
Authenticode
Code Signing Certificate
X.509 Standard
Obtaining Code Signing Certificate
Signing Certificate Pricing
Code Signing Certificate Storage: Hardware vs. Software
Time Stamping
Certificate Validity (Expiration Date)
4. Implementing Authenticode Signing
Code Signing Process à la Microsoft
Code Signing Implementation Options: Advantages, Disadvantages, Costs
Option 1: Full Hardware
Option 2: Basic Software
Option 3: Combined Software/Hardware
5. Tips on Implementing Combined Software/Hardware
Option
Requirements to Signing Application
6. Tips on Implementing Basic Software
Option
Installing Code Signing Certificate on Signing Server
SignTool
Installing SignTool
Using SignTool
5. Testing
Testing Obfuscation
Testing Strong Name Signatures
Testing Authenticode Signatures
6. Resources
Tools and Products
Authenticode Certificates Offered by Public Certificate Authorities
Online Authenticode Timestamping Services
Standards
Articles
Books
About the Author
1. Introduction
One of important characteristics for commercial software is allowing customers to trust the software manufacturer by validating authenticity and integrity of the software components.
Enjoying the preview?
Page 1 of 1