Booklet for developers and security professionals on how to implement code obfuscation, .NET strong name signing, and Authenticode code signing in order to protect application deployment. The guide contains a detailed description of different code signing implementation options, from basic software to sophisticated hardware solutions.
Topics: reasons to implement code obfuscation and signing, obfuscation and strong name signing dependencies, description of the Authenticode signing process, signing certificates and certificate authorities, signing certificate private key hardware vs. software, three ways to implement code signing, and more (~4,460 words).
Table of Contents
1. Introduction Several Reasons to Implement Code Obfuscation and Signing Additional Benefits of Strong Name Signing Additional Benefits of Authenticode Signing
2. Code Obfuscation and Strong Name Signing Code Obfuscation Tools Obfuscation Project and Strong Name Signing Obfuscation and Strong Name Signing from Command Line
3. Authenticode Code Signing Code Signing Digital Signatures How Code Signing Works Authenticode Code Signing Certificate X.509 Standard Obtaining Code Signing Certificate Signing Certificate Pricing Code Signing Certificate Hardware vs. Software Time Stamping Certificate Validity (Expiration Date)
4. Implementing Authenticode Signing Code Signing Process à la Microsoft Code Signing Implementation Advantages, Disadvantages, Costs Option 1: “Full Hardware” Option 2: “Basic Software” Option 3: “Combined Software/Hardware”
5. Tips on Implementing “Combined Software/Hardware” Option Requirements to Signing Application
6. Tips on Implementing “Basic Software” Option Installing Code Signing Certificate on Signing Server SignTool Installing SignTool Using SignTool
5. Testing Testing Obfuscation Testing Strong Name Signatures Testing Authenticode Signatures
6. Resources Tools and Products Authenticode Certificates Offered by Public Certificate Authorities Online Authenticode Timestamping Services Standards Articles Books

About the Author
Slava Gomzin, CISSP, ECSP, Security+, has more than 15 years of professional experience in software development and application security. He is Security Architect at Retalix USA.
Slava Gomzin is a cybersecurity and crypto enthusiast, full-stack technologist and entrepreneur. He is the author of multiple publications on information security and technology, including the books "Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions" (Wiley, 2014) and "Bitcoin for Nonmathematicians: Exploring the Foundations of Crypto Payments" (Universal Publishers, 2016). Slava Gomzin is co-creator of the GRAFT and Lyra blockchains.