Overview
Explore Windows Store app security testing in this comprehensive 47-minute conference talk from AppSecEU 2014. Delve into the architecture and theory of Store apps, comparing them to traditional Windows applications and websites. Learn how to set up a testing environment using Windows 8.1, web proxies, and Visual Studio. Discover techniques for accessing and testing Store apps, including code review examples focusing on secure and insecure JavaScript. Examine the use of web services in apps and potential security vulnerabilities in the app sandbox. Gain insights into the future of Windows app development and its security implications. This presentation provides a valuable introduction to an emerging area of application testing that is becoming increasingly critical as the Store system matures.
Syllabus
Introduction
About Marion
My rig
Overview
Background
Windows Store
App Store
Security Architecture
Surface RT
Universal Apps
JavaScript
License to Develop
Blend
Store Requirements
Security Testing
Windows Store Apps
Security Testing Methods
C Program Files
D Compilation Tools
Dotnet Reflector
Local context vs web context
Task Manager
Decompile
Bad coding practice
Local State
Web Service
Mobile
Mobile Top 10
Starship
Conclusion
No such thing as results
Youre less likely to get it
Taught by
OWASP Foundation