Coding Stephan

Why most C# apps lack https security

A lot of apps built in C# (or probably any other language) lack basic protection against man-in-the-middle attacks. One of the reasons I could find for this is the following.

If you search the web for how to communicate with your development server (which probably isn't hosted with a valid SSL certificate), most sites tell you to add the following code to your project.

using System;
using System.Net;

// Global callback: it is consulted for every HTTPS request that goes through ServicePointManager.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
	Console.WriteLine("Certificaat: {0}", certificate.Subject);
	Console.WriteLine("SslPolicy: {0}", sslPolicyErrors);
	return true; // This line is the problem. If you don't know why, I wouldn't use apps from your company!
};

While this is perfectly fine during the development phase, you should make sure this code is NEVER included in a build of your project that gets deployed somewhere!
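One way to keep the development exception out of deployed builds, shown as an added example that is not code from the original post: the callback accepts only certificates that pass normal validation, and the exception is compiled into debug builds only, limited to one host and one pinned certificate. The host name `dev.example.internal`, the fingerprint placeholder and the `TlsValidation` class are assumptions for illustration, as is the .NET Framework behaviour that `sender` is the `HttpWebRequest`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TlsValidation
{
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that passes normal validation is always accepted.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
#if DEBUG
        // Debug builds only: tolerate the single known development certificate.
        if (IsPinnedDevCertificate(sender, certificate))
            return true;
#endif
        // Everything else fails the handshake. Release builds have no bypass at all.
        Console.WriteLine("Rejected certificate {0}: {1}", certificate?.Subject, sslPolicyErrors);
        return false;
    }

#if DEBUG
    // Placeholders (assumptions): your development host and the SHA-256
    // fingerprint of its certificate. Neither value ships in a release build.
    const string DevHost = "dev.example.internal";
    const string DevCertSha256 = "<SHA256-FINGERPRINT-OF-DEV-CERT>";

    static bool IsPinnedDevCertificate(object sender, X509Certificate certificate)
    {
        // Assumes .NET Framework, where sender is the HttpWebRequest.
        // If the cast fails, the method returns false and the request is rejected.
        var request = sender as HttpWebRequest;
        if (request == null || certificate == null) return false;
        if (!string.Equals(request.RequestUri.Host, DevHost, StringComparison.OrdinalIgnoreCase))
            return false;
        using (var sha = SHA256.Create())
        {
            var hex = BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
            return string.Equals(hex, DevCertSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
#endif
}
```

Call `TlsValidation.Install()` once at startup. A release build then contains no code path that returns `true` for a certificate with policy errors.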