It is normal to list some extra-secure compiler options to prevent attacks on C and C++. However, I have not found any similar recommendations for C#. Are compiler options simply not relevant to C# security? Or, are there some options which might improve the security of the executable?
Also: I could see how this might be better on Stack Overflow. Comment me if you think this is the case.
First off, C# and .NET can't do deterministic builds. See the official response here.
Post compile you may want to obfuscate your code or encrypt it.
PDB files mean your exe can be debugged. Follow these directions to prevent PDBs from being created when in release mode.
Note that deploying in Release is different than debug, and run time debuggers may have a hard time reading it (a good thing)
Consider signing your code with Authenticode
Consider loading only strong named assemblies
There is an effort to allow C# to produce deterministic builds with Roslyn. This allows you to verify that the source matches the binary.
While they are not there yet you can see the progress at https://github.com/dotnet/roslyn/issues/372
Why is this important?
The ability to identically reproduce builds is of increasing importance and visibility following concerns that arose from the disclosure of global surveillance activity, and the integrity of both the sources and compilers used to create distributable binaries.
Deterministic builds will allow any user to confirm that the binaries distributed in a package repository are built from an unaltered source package, free of any interference at build time.
(borrowed from Debian)
