Santanu Paul's Digital Garden


Modern Cryptography best practices for building secure applications on .NET Core - Introduction

Published 2019-08-26,
.NET Core

If you are a developer who is creating software that will be used by others, Security is THE most important aspect, that you need to understand well. You need to nail security implementation in your software and keep it up-to-date with the latest evolving techniques.

Unfortunately, this is not true for most of the software applications around us. Every month, we hear of a new security breach, where attackers get access to user data, thereby compromising the privacy and security of software users.

What is even more astounding, is that in a fair number of these breaches, the root cause of the inherent system vulnerability could be traced down to things like storing user passwords as clear text.

This is NOT how it should be.

Internet will give you thousands of blog posts and articles on how to become a full stack developer. There would be folks who would lay down an entire road-map, on how to become a developer in 2019.

Want to learn ASP.NET Core? there is a roadmap for that, want to learn Javascript, NodeJS, ReactJS? - internet is filled with learning paths for them.

Want to implement strong security in your application? - the internet won't give you too many learning paths.

In this series of articles, I am going to talk about Cryptography - which is a stepping stone for implementing strong security features in our applications. Although the concepts are generic, the applications will be in C# language, using .NET Core framework. In future articles, I plan to build on these concepts and start talking about implementing Security in .Net Core applications.

The Path

  1. Understand Cryptography
    1. Hashing
    2. Symmetric Encryption
    3. Asymmetric Encryption
    4. Digital Signatures
  2. Apply Cryptography
    1. Store passwords safely
    2. Secure your clear-text documents

As you can see, in due course, we will build an application that you can use to store your documents safely.

You can apply the concepts we discuss here, to maybe create your own 1Password or Dashlane.
There is no harm in using these services. Unless you are paranoid about letting an external application to manage your credentials, without knowing at least a little bit of the techniques used behind them.

It is very important that us developers start learning the fundamentals of application security. People who use our software, their privacy and identity depend upon it. My hope is this series of articles will give you the initial nudge towards that path!

Index of published articles

Share this article:

All content © Santanu Paul