
Silverlight Based Specialized Pen Testing

Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance the user's experience. The web service calls that Silverlight makes underneath are exposed and vulnerable, so it is important to map them, identify their vulnerabilities and create fixes.


Why is penetration testing of Silverlight-based applications essential?

Silverlight is a browser plug-in developed by Microsoft to give web users a rich client-side experience. At its core, Silverlight has to assume that every web page or in-browser app is potentially malicious, and hence runs applications in a sandbox (the plug-in) that lets them execute safely within a defined security context. Modern web applications rely heavily on Silverlight, and many of them expose quite a few vulnerabilities.

How we do it

Three distinct areas within a Silverlight application are analyzed and tested for security during the penetration test.

  1. Deep linking
    • Test for flaws in the application flow, particularly authorization and data input.
    • Deep linking allows direct access to a page within the Silverlight application and could allow security controls such as authorization to be bypassed if the checks are only performed at specific points.
  2. Isolated Storage

    The same tests apply as for any data storage, with the special note that this is client-side storage under the user's control.
    Questions to ask include:

    • What can be stored in isolated storage?
    • What can be overridden in isolated storage? For example, has the application stored files that can be overwritten by the user?
    • How is that data presented back to the user?
  3. Back-end services
    • In web application use cases Silverlight commonly forms the top tier / front-end, and a back-end web service is responsible for some form of data handling / storage.
    • Because Silverlight is a client-side technology, any web services it uses are exposed to the client too, unlike a conventional server-side web application, which may not need to expose them at all.
    • Web services should be aggressively tested using automated and manual tools. The normal tests of content type, size constraints and performance are important, and some fuzzing is also worthwhile. This all falls back to generic web services testing and is not Silverlight-specific.
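The deep-linking authorization gap from item 1, as an added C# example that is not from this page: the vulnerable pattern checks authorization only in a button handler, while the hardened pattern guards every navigation of the Silverlight Frame. The names AppSession, ContentFrame, AdminButton_Click, /Admin and /Login are assumptions for this example.

```csharp
// Added example (not from the page): a Silverlight navigation Frame whose
// pages can be reached by deep link, e.g. http://host/app.aspx#/Admin.
// Assumed names: AppSession, ContentFrame (declared in XAML), /Admin, /Login.
using System;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Navigation;

public static class AppSession
{
    // Filled in from the login response; this is client-side state only.
    public static bool IsAuthenticated { get; set; }
    public static bool IsAdmin { get; set; }
}

public partial class MainPage : UserControl
{
    public MainPage()
    {
        InitializeComponent();
        // Hardened pattern: guard every navigation, including deep links
        // typed into the address bar, in a single place.
        ContentFrame.Navigating += OnNavigating;
    }

    // Vulnerable pattern: the only authorization check lives in the button
    // handler, so a deep link to "#/Admin" never executes it and the page loads.
    private void AdminButton_Click(object sender, RoutedEventArgs e)
    {
        if (AppSession.IsAdmin)
            ContentFrame.Navigate(new Uri("/Admin", UriKind.Relative));
    }

    private void OnNavigating(object sender, NavigatingCancelEventArgs e)
    {
        string path = e.Uri.OriginalString;
        bool isProtected = path.StartsWith("/Admin", StringComparison.OrdinalIgnoreCase);
        if (isProtected && !AppSession.IsAdmin)
        {
            e.Cancel = true; // block the deep link and send the user to login instead
            ContentFrame.Navigate(new Uri("/Login", UriKind.Relative));
        }
    }
}
```

Because the Silverlight client runs on the user's machine, this guard is defence in depth only; the back-end service behind the admin page must enforce the same authorization, which is the point of item 3.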