Importance Of Cryptography In Application Security

Introduction

In this blog, we discuss the importance of cryptography. While writing code, we tend to think about code optimization and application performance, but we do not worry about writing secure code. Let's understand the importance of cryptography.

Encrypt NPI or Personal Information In Database

For example, in India the Aadhaar card number is sensitive information. If we store Aadhaar card numbers in our database, we should encrypt them before saving them. This applies not only to the Aadhaar card number but also to user names, passwords, bank-related information, and any other sensitive information.

Encrypt The Communication Layer

Encrypting the communication layer is always good practice when we are using web services. When we are using HttpClient, it is better to specify the TLS configuration in code, or we can configure it globally in the Global.asax or Startup.cs file. The code snippet below shows how.

// Allows TLS 1.2, 1.1 and 1.0 for outgoing connections (SecurityProtocolType is in System.Net).
System.Net.ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Please remember that TLS 1.1 and 1.0 are vulnerable versions, and it is always better to use TLS 1.2 for the handshake.

Encryption Keys Held In a Code

Hardcoding encryption keys in code is not a best practice; it is always better to read them from the web.config or appsettings file. Nowadays we have cloud services like AWS secret key or Azure Key Vault. I personally prefer to use cloud services instead of storing the keys in the web.config or appsettings file.

Check Any Bad Ciphers

While encrypting data, we need to keep one thing in mind: which algorithm we are using for encryption and decryption. For example, if you are using SHA, RC4, or MD5, you are using weak ciphers. I suggest always using the AES 256-bit algorithm for cryptography.
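The sections on encrypting personal information, keeping keys out of code, and choosing AES 256 can be combined in one field-encryption helper. This is an added example, not code from the original blog. It assumes .NET 8 or later and uses AES-256 in GCM mode (the mode is this example's choice); the class name FieldCrypto, the environment variable FIELD_ENC_KEY_B64 (standing in for the configuration file or key vault) and the context label are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FieldCrypto
{
    const string KeyVar = "FIELD_ENC_KEY_B64"; // hypothetical variable name, holds a base64 key
    const int NonceSize = 12, TagSize = 16;    // standard AES-GCM sizes in bytes

    // The key comes from outside the code; anything other than 32 bytes (AES-256) is rejected.
    static byte[] LoadKey()
    {
        var b64 = Environment.GetEnvironmentVariable(KeyVar) ?? throw new InvalidOperationException(KeyVar + " is not set");
        var key = Convert.FromBase64String(b64);
        if (key.Length != 32) throw new CryptographicException("AES-256 needs a 32-byte key");
        return key;
    }

    // Returns base64(nonce || tag || ciphertext), suitable for a text column.
    public static string Encrypt(string plaintext, string context)
    {
        var nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh random nonce for every value
        var pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = new byte[pt.Length], tag = new byte[TagSize];
        using var aes = new AesGcm(LoadKey(), TagSize);
        // The context (table.column) is authenticated, so a value copied into another column fails to decrypt.
        aes.Encrypt(nonce, pt, ct, tag, Encoding.UTF8.GetBytes(context));
        var blob = new byte[NonceSize + TagSize + ct.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, NonceSize); ct.CopyTo(blob, NonceSize + TagSize);
        return Convert.ToBase64String(blob);
    }

    // Throws CryptographicException if the stored value or the context was altered.
    public static string Decrypt(string stored, string context)
    {
        var blob = Convert.FromBase64String(stored);
        if (blob.Length < NonceSize + TagSize) throw new CryptographicException("stored value too short");
        var pt = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(LoadKey(), TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), pt, Encoding.UTF8.GetBytes(context));
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        // Demo only: a key generated at run time stands in for the configured secret.
        Environment.SetEnvironmentVariable(KeyVar, Convert.ToBase64String(RandomNumberGenerator.GetBytes(32)));
        var stored = Encrypt("1234 5678 9012", "users.aadhaar"); // constructed sample value
        Console.WriteLine(stored + " -> " + Decrypt(stored, "users.aadhaar"));
    }
}
```

Encrypting the same value twice produces different stored strings because of the random nonce, so an encrypted column cannot be searched by equality.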

Summary

In this blog, we discussed the importance of cryptography in application security.

I hope that you find it helpful. Eat->Code->Sleep->Repeat.