Silverlight Security A Hacker's Perspective Kamran Bilgrami / Angelo Chan
Agenda • Silverlight overview • Scope • Key concepts • Demos • Recommendations • Q&A
Silverlight Overview
User
• Cross-browser, cross-platform
• Media-rich (audio/video)
• Runs in-browser and out-of-browser
• .xap - archive containing the assemblies and a manifest
Programmer
• .NET programming model
• Networking and LINQ support
Silverlight architecture • Presentation (e.g. Media) • CoreCLR (optimized)
Silverlight overview - security
• Run-time security modes: in browser, out of browser
• Sandbox: user-initiated actions, same-origin policy
Scope
• In scope: vulnerabilities against Silverlight-related components
• Out of scope: classical attacks (SQL injection, XSS, etc.)
• Because the application ships as a XAP running on the CoreCLR, hackers can now apply .NET assembly hacking techniques to your web application
Useful concepts
• XAP
• CoreCLR
• Intermediate Language (IL)
• Widely available tools: ILASM/ILDASM, Reflector, Reflexil
• Signing / tamper detection
• Obfuscation (protect IP)
Demo 1 Summary
Problems
• Code not obfuscated
• Tamper-able assembly
• Client-side business logic
Solutions
• Use code obfuscation
• Assembly signing
• Server-side business logic
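The following is an added example, not code from the talk, showing what the "XAP" and "tamper detection" concepts above look like in practice: a .xap is a plain zip whose AppManifest.xaml lists the assemblies in its Deployment.Parts element, so an inspection tool can enumerate those assemblies and compare their digests against the known-good values recorded at build time. The package here is constructed (placeholder bytes standing in for the assemblies, a hypothetical "BankApp" name); the manifest layout and the deployment namespace are the standard Silverlight ones.

```python
"""Inspect a Silverlight .xap package and verify the integrity of its assemblies.

Added example: the package below is constructed in-memory, the "assemblies"
are placeholder bytes, and "BankApp" is a hypothetical application name.
"""
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces used by AppManifest.xaml, the deployment manifest inside every .xap.
XAML_NS = "http://schemas.microsoft.com/client/2007/deployment"
X_NS = "http://schemas.microsoft.com/winfx/2006/xaml"

# Constructed sample manifest: Deployment.Parts names every assembly in the package.
SAMPLE_MANIFEST = f"""<Deployment xmlns="{XAML_NS}" xmlns:x="{X_NS}"
    EntryPointAssembly="BankApp" EntryPointType="BankApp.App" RuntimeVersion="4.0.50826.0">
  <Deployment.Parts>
    <AssemblyPart x:Name="BankApp" Source="BankApp.dll" />
    <AssemblyPart x:Name="BankApp.Core" Source="BankApp.Core.dll" />
  </Deployment.Parts>
</Deployment>
"""
# Constructed placeholder assemblies (a real .dll would be a full PE/CLR image).
SAMPLE_PARTS = {
    "BankApp.dll": b"MZ\x90\x00placeholder-entry-assembly",
    "BankApp.Core.dll": b"MZ\x90\x00placeholder-core-assembly",
}


def build_xap(manifest, parts):
    """Pack a manifest and its assemblies into a .xap (which is just a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppManifest.xaml", manifest)
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


def list_assemblies(xap_bytes):
    """Return the assembly file names declared in AppManifest.xaml, in manifest order."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as z:
        root = ET.fromstring(z.read("AppManifest.xaml"))
    return [part.attrib["Source"] for part in root.iter(f"{{{XAML_NS}}}AssemblyPart")]


def digest_parts(xap_bytes):
    """SHA-256 of every declared assembly that is actually present in the package."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as z:
        present = set(z.namelist())
        return {
            name: hashlib.sha256(z.read(name)).hexdigest()
            for name in list_assemblies(xap_bytes)
            if name in present
        }


def verify_xap(xap_bytes, expected):
    """Compare the package against known-good digests; an empty list means it is intact."""
    actual = digest_parts(xap_bytes)
    problems = []
    for name, want in expected.items():
        got = actual.get(name)
        if got is None:
            problems.append(f"missing: {name}")
        elif got != want:
            problems.append(f"modified: {name}")
    for name in actual:
        if name not in expected:
            problems.append(f"unexpected: {name}")
    return problems


def tamper(xap_bytes, name, data):
    """Re-pack the .xap with one entry replaced, as an attacker patching an assembly would."""
    src = zipfile.ZipFile(io.BytesIO(xap_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for info in src.infolist():
            z.writestr(info.filename, data if info.filename == name else src.read(info.filename))
    return out.getvalue()


GOOD_XAP = build_xap(SAMPLE_MANIFEST, SAMPLE_PARTS)
EXPECTED = digest_parts(GOOD_XAP)  # recorded at build time and kept on the server side
PATCHED_XAP = tamper(GOOD_XAP, "BankApp.Core.dll", b"MZ\x90\x00patched: return true")

if __name__ == "__main__":
    print("assemblies:", list_assemblies(GOOD_XAP))
    print("good package:", verify_xap(GOOD_XAP, EXPECTED))
    print("patched package:", verify_xap(PATCHED_XAP, EXPECTED))
```

The check is only meaningful where the attacker cannot edit the checker: run it on the server (at deployment, or against the XAP the server is actually serving), not inside the Silverlight client itself, since a hash or signature check that lives in the client's own assembly is exactly the kind of tamper detection Demo 2 bypasses at run time. The same holds for the business rules: the digest tells you the client was shipped intact, not that the client is still behaving honestly, so the server must validate every request on its own.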
Demo 2 Summary
Starting conditions
• Code was obfuscated
• Tamper resistant
• IP / business logic on the server side
Run-time hacking
• Bypass tamper detection
• Bypass server-side business logic
Recommendations
• Web security - XSS, data encryption
• CLR - obfuscation, signing
• Domain-specific - e.g. banking application
• Legal
References
• Silverlight Security Overview - MSDN
• Silverlight Architecture - MSDN
• SOS command reference - MSDN
• CLR Inside Out - MSDN
http://www.windowsdebugging.com
kamran@windowsdebugging.com
angelo@windowsdebugging.com