Protecting .NET applications that use JSON objects

July 23, 2018 4557 Views Johnny

JSON is a widely used format for sharing objects and data within an application. To protect .NET applications that serialize and deserialize JSON objects, you should be aware of some special considerations.

Consider a basic Employee class:

When serialized to JSON, the object is stored as a string.

If written to the console at this point, the “json” string would look like:

{"FirstName":"Jane","LastName":"Doe","Email":"jd@example.com"}

Please note the original names of the properties printed in the Json string: FirstName, LastName, and Email.

In another part of the application, the object is deserialized into a .NET class.

The deserialization mechanism relies upon the original property names to pair its data, but Dotfuscator will rename those property names by default. To ensure that the deserialization works correctly, I need to tell Dotfuscator not to do that by excluding the FirstName, LastName, and Email properties on the Dotfuscator Rename tab.

Now, I can ensure the correct output:

Deserialized: Jane Doe jd@example.com

I’ve presented one scenario as it pertains to JSON serialization and deserialization. There are different ways to serialize and deserialize JSON objects, but the underlying concepts are the same with respect to obfuscation: if a property name is compared to a string representation of that property, a rename exclusion is likely required in Dotfuscator.

You may download the full example here.

If you have any feedback on this topic, or other topics you would like us to discuss in the Support Corner, please feel free to contact us at support@preemptive.com.

Latest Blog Posts

Post Covid-19: 4 Application Trends You Need to Know

In an already digital world, the Covid-19 pandemic forced society and businesses to adopt additional modes of technology and press on for more advanced application development. Business’ focus shifted to increased remote work collaboration, streamlined contact tracing work, and enhanced consumer e-commerce connections. With little knowledge on how much longer social distancing measures will be in place, more on-demand application development options are needed to successfully maintain workplace functionality.

Gabriel Torok, Founder and CEO of PreEmptive, recently authored an article as part of the Forbes Technology Council. In it, he describes four application trends that help predict emerging expectations for the future of enterprise.

Customers occasionally ask us about adding DashO, Dotfuscator, or JSDefender to their Docker-based build processes. We do not provide pre-built Docker containers for our products, but it is relatively straightforward to create your own containers with the distributions we do provide. Historically, setting up licensing for these containers could be a challenge, but with the recent addition of Floating license support to DashO, Dotfuscator, and JSDefender, even the licensing part is straightforward.

This blog provides example Dockerfiles for each product, as a starting point for building your own containers. You will need to replace {x.y[.z]} with the appropriate major.minor[.patch] version.

Read more

Navigating the Choice Between Security and Customer Experience

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

“Better licensing means more flexibility,” said CTO Bill Leach during a recent presentation on the release of DashO 11 - PreEmptive’s Android and Java Protection Product. “The new floating license and product activation features allow users to provision DashO on the fly – for example, on cloud hosted build agents that don’t already have DashO preinstalled. By specifying the license key at run time, development teams can more easily automate their builds, no matter where they run.”

Revamped licensing and activation are not the only updates in this latest version—other highlights include:

Cyber-attacks have increased in quantity and sophistication in 2020, but we may not have heard about them in the news. Covid-19 updates have dominated headlines, and our physical health and safety has taken the spotlight over our technology’s health and safety. While news of vaccines and outbreak hotspots will continue to be the most important “news of the day” – it is important to be aware of security breaches that threaten the safety of our data and privacy.

Protecting .NET applications that use JSON objects

Post Covid-19: 4 Application Trends You Need to Know

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

DashO 11 Release: Licensing, Bug Fixes, and Improved Functionality

Top 3 Cyber Attack Vectors During the Pandemic

Latest Blog Posts

Post Covid-19: 4 Application Trends You Need to Know

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

JSDefender Version 2 Release

DashO 11 Release: Licensing, Bug Fixes, and Improved Functionality

Twitter