A Hacker's Perspective Kamran Bilgrami / Angelo Chan Silverlight Security

Page 1

A Hacker's Perspective

Kamran Bilgrami / Angelo Chan

Silverlight Security

Page 2

Agenda

• Silverlight overview
• Scope
• Key concepts
• Demos
• Recommendations
• Q&A

Page 3

Silverlight Overview

User
• Cross-browser, cross-platform
• Media-rich (audio/video)
• Run in-browser, out-of-browser
• .xap - archive of assemblies, manifest

Programmer
• .NET programming model
• Networking and LINQ support

Page 4

Silverlight architecture

• Presentation (e.g. Media)
• CoreCLR (optimized)

Page 5

Silverlight overview - security

• Run-time security modes
  o In browser, out of browser
• Sandbox
  o User initiated, same origin policy

Page 6

Scope

• In scope
  o Vulnerabilities against Silverlight related components
• Out of scope
  o Classical attacks (SQL Injection, XSS etc.)
• Due to XAP/CoreCLR, hackers can now apply .NET assembly hacking techniques to your web application

Page 7

Useful concepts

• XAP
• CoreCLR
• Intermediate Language (IL)
• Widely available tools
  o ILASM/ILDASM
  o Reflector
  o ReflexIL
• Signing/Tamper detection
• Obfuscation (Protect IP)

Page 8

Demos

Page 9

Demo 1 Summary

Problems
• Code not obfuscated
• Tamper-able assembly
• Client-side business logic

Solutions
• Use code obfuscation
• Assembly signing
• Server-side business logic

Page 10

Demo 2 Summary

Starting conditions
• Code was obfuscated
• Tamper resistant
• IP / Business logic on server side

Run-time hacking
• Bypass tamper detection
• Bypass server business logic

Page 11

Recommendations

• Web security - XSS, data encryption
• CLR - Obfuscation, signing
• Domain-specific - e.g. banking application
• Legal

Page 12

Q&A

