Questions tagged [silverlight]

Microsoft Silverlight is a technology for running applets within a .NET virtual machine embedded in the client browser.

Microsoft Silverlight can be viewed as the translation to .NET of the Java Applet model. Application code is pushed from a Web server to a client browser, within the context of a Web page; that code is executed in a sandbox which leverages the unescapable strong types of the Common Language Runtime (the VM which powers .NET) to allow for running the potentially hostile code without surrendering the browser's security to the whims of the contacted Web server.

7 questions
15 votes, 6 answers

Can Javascript/Flash verify the SSL connection to prevent "SSL Inspection"?

I'd like to determine if an SSL webpage is being debugged through Fiddler, or if it's going through an SSL Proxy. So some people may ask What is the point of re-validating SSL using javascript? My goal is to know when a connection is subject to…
makerofthings7
5 votes, 2 answers

Encrypting a Database's Primary Key when sent to the browser

When dealing with either an oData-based application (ADO.NET Data Services), or something that otherwise publishes the PrimaryKey, or ForeignKey to the client... Can someone explain to me the benefits of encrypting the database key when it arrives at…
makerofthings7
4 votes, 1 answer

Penetration Testing Silverlight Applications

What would be the process in pentesting a Silverlight application? What would be the best method to proceed in a manual test? Any specific tools to use? For example an application with lot of file upload, user input fields and database connectivity…
Epoch Win
3 votes, 0 answers

How does Silverlight protect the AES keys it gets from PlayReady?

I'm doing some research about how Silverlight protects AES keys. Here is the scenario: There is a smooth stream live encrypted channel service. When I log in to the service and tune the channel, Silverlight makes a request to PlayReady Server to…
knk
3 votes, 1 answer

Are there any tools for automated penetration testing of Silverlight applications?

I'd like to find a tool to assist with automated penetration testing of Silverlight applications, in a similar vein to AppScan for webapps. Specifically, I'm looking for a tool that can cope with sending requests to binary RIA service endpoints. Do…
2 votes, 2 answers

What browsers support encryption or decryption using local certificates, or smartcard readers?

I am working on a cloud-based solution and I would like to encrypt / decrypt the data locally using either a SmartCard or local Machine certificate. I'm hoping to do this in Javascript, but may resort to Silverlight, ActiveX, or Flash (in order of…
makerofthings7
1 vote, 2 answers

Do XBAP applications have the same vulnerabilities as Java Web Apps?

In response to the popular decision to disable Java Web Apps, there has been very little mention of XBAP applications. XBAP applications are similar to Silverlight but they offer more options to the developer from a sandbox perspective. Should…
makerofthings7