Channels ▼
RSS

.NET

Review: PreEmptive Way To Obfuscate .Net Apps


Most enterprises recognize that cleanly compiled .Net and Java objects pose serious risks, yet few grasp the need to incorporate obfuscation into their application life-cycle practices. PreEmptive Solutions wants to ensure that enterprises don't eschew obfuscation with its Dotfuscator for .Net and DashO Pro for Java tools.

PreEmptive aims to change the perception that obfuscators are only name-mangling tools for source code. The Mayfield Village, Ohio-based company knows too well that simply renaming code structures with obfuscation during the last phases of development won't prevent hackers from decompiling and searching through .Net and Java binary code to find weaknesses.

According to PreEmptive, most attacks happen inside companies via identity theft or by employees having access to clean binaries so they can search on strings and other code elements to find intrusion points into data tiers. Companies that make the right security decisions don't overlook that fact.

To gain the most from obfuscation, IT managers should implement enterprisewide controls and manage them consistently across their organizations rather than putting practices in systems only when illegal activities are detected or, worse, just to slow down hacker infiltration on key Web applications.

However, obfuscation can have some negative implications for source code. For instance, by restructuring flow control on code logic, overall application performance can be affected considerably. What's more, renaming can add complexity to debugging, reflective code and incremental patches. Dotfuscator provides some solutions to these problems by generating various configuration files.

Since PreEmptive's free Dotfuscator Community Version is embedded in Microsoft' Visual Studio, .Net developers will immediately be able to familiarize themselves with Dotfuscator Professional. Once installed, output assemblies from Visual Studio projects are pumped right into Dotfuscator.

Dotfuscator takes internal .Net debugging files, which associate variables and code lines with assemblies, and synchronizes them with obfuscated assemblies so the line numbers match up. That's how Dotfuscator can make debugging work. Essentially, Dofuscator generates map files that match original source-code fields with obfuscated fields.

Dotfuscator map files are in XML format and can be transformed into human-readable HTML. A good side effect of renaming code is that it immediately shrinks assemblies. By reducing the string heap within assemblies by 40 percent to 60 percent, applications load faster, which directly affects performance.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.