.NET - Protecting Code from Malicious Attacks

Joseph Kuper 1 Reputation point
2021-05-28T15:59:55.12+00:00

With the evolution of code and software also comes the evolution of the hacker/cracker.

Does anyone have a link to a product or article that details the most current "Best Practice" on how developers can protect their code, and in turn, protect their clients who use their software?

To be more specific with this question, let me provide a brief scenario, as there are two key aspects to consider:

  • A company develops security software for a major utility; their core language is C# and all developers in their company are using the latest Visual Studio. The C# code has many libraries and external references from GitHub and other sources.
  • Now a hacker/cracker gets their hands into one of the GitHub libraries and alters its code to expose any user of their vulnerabilities. The very same GitHub library that the software developers use in their product.

Aspect one: Is there a tool, article, or best practice guide for something out there today that can be utilized in Visual Studio to protect code from these types of attacks? (described above)
Aspect two: Is there a tool, article, or best practice guide that details unit test purging of any sensitive data? Example: developer accidentally uses real usernames and passwords in their unit test. Yes, they should not do this. But human error is an evident part of our world. Is there something we can put in place to help with this?

Thanks so much for any links or descriptions that may help.

Developer technologies C#

2 answers

  1. Ken Tucker 5,861 Reputation points
    2021-05-30T11:08:28.237+00:00

  2. cheong00 3,486 Reputation points Volunteer Moderator
    2021-05-31T02:05:25.98+00:00

    FYI, in your VS2015+ IDE project settings -> "Code Analysis" you can enable code analysis on build with different rules (say, "Microsoft Security Rules", or import customized rulesets).

    The basic idea is to get rid of coding patterns that are likely to introduce vulnerabilities.

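A customized ruleset of the kind the answer above mentions, as an added example that is not part of the original answer. The file name `Custom.Security.ruleset`, the `ToolsVersion` value and the choice of CA2100 as the rule to escalate are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Custom.Security.ruleset (hypothetical file name), kept next to the .csproj.
  To run it on every build, the project file would set:
    <RunCodeAnalysis>true</RunCodeAnalysis>
    <CodeAnalysisRuleSet>Custom.Security.ruleset</CodeAnalysisRuleSet>
-->
<RuleSet Name="Custom Security Rules"
         Description="Microsoft Security Rules with selected findings failing the build."
         ToolsVersion="14.0">
  <!-- Start from the built-in "Microsoft Security Rules" set. -->
  <Include Path="securityrules.ruleset" Action="Default" />
  <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis"
         RuleNamespace="Microsoft.Rules.Managed">
    <!-- CA2100: Review SQL queries for security vulnerabilities.
         Promoted from warning to error so the build stops on it. -->
    <Rule Id="CA2100" Action="Error" />
  </Rules>
</RuleSet>
```

Rules from the included set that are not listed under `Rules` keep their default action, so only the escalated rule breaks the build.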
