Security in Windows Store apps Josh Dunn Senior Program Manager 3-123

Page 1: Security in Windows Store apps

Security in Windows Store apps
Josh Dunn
Senior Program Manager
3-123

Page 2: Security in Windows Store apps

  • Security and customer confidence
  • Avoiding optimistic mistakes
  • Choose capabilities carefully
  • Properly handling customer data
  • Q&A

Agenda

Page 3: Security in Windows Store apps

Security and customer confidence

Customer confidence in apps is directly related to:

  • Apps following secure coding practices
  • Apps behaving in expected ways
  • Apps respecting customers' data

  • Customers should acquire apps without worry
  • Simple, common sense principles applied to app security protect customer confidence
  • Leverage the principle of least privilege for app capabilities
  • Handling customer data responsibly

Customer confidence leads to worry-free app acquisition

Page 4: Security in Windows Store apps

Avoiding optimistic mistakes

  • Customers expect apps to be alive, dynamic, and deeply interactive
  • Meeting this expectation requires real time data, feeds, and content from cloud services
  • Trusting the cloud is an expression of optimism, and is the most common mistake
  • Two examples of “optimistic” code

With great flexibility comes great responsibility

Page 5: Security in Windows Store apps

Demo #1

Optimistic eval()

Page 6: Security in Windows Store apps

Demo #2

Optimistic execUnsafeLocalFunction()

Page 7: Security in Windows Store apps

  • eval() and execUnsafeLocalFunction() are examples of several potential “optimistic” functions
  • Use of WinJS framework
      • Designed for Windows Store apps
      • Maintained by Microsoft
      • Grows as Windows 8 grows
  • Use caution in “working around” issues in frameworks
  • If you do one thing, JSON.parse it

Not trust and then verify, but verify then trust

Other optimistic thoughts
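The "verify then trust" rule above, as an added example that is not code from the presentation: an optimistic eval() of a cloud response beside a JSON.parse path that also checks the shape before the app uses the data. The feed format, field names and both sample bodies are constructed for illustration.

```javascript
// Constructed sample bodies standing in for a response from a cloud feed service.
const goodBody = '{"title":"Build notes","items":[{"id":1,"text":"Hello"}]}';
// A tampered body: JavaScript rather than JSON. It only sets a marker to show that code ran.
const tamperedBody = '(globalThis.__feedRan = true, {"title":"x","items":[]})';

// Optimistic: trusts the response and evaluates it as code.
function optimisticParse(body) {
  return eval('(' + body + ')');
}

// Verify then trust: parse strictly as data, then check the shape before use.
function verifiedParse(body) {
  let data;
  try {
    data = JSON.parse(body); // never executes the input
  } catch (e) {
    return { ok: false, reason: 'not valid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, reason: 'expected an object' };
  }
  if (typeof data.title !== 'string' || !Array.isArray(data.items)) {
    return { ok: false, reason: 'unexpected shape' };
  }
  const items = [];
  for (const item of data.items) {
    if (item === null || typeof item !== 'object' ||
        !Number.isInteger(item.id) || typeof item.text !== 'string') {
      return { ok: false, reason: 'bad item' };
    }
    // Copy only the fields the app expects; anything extra is dropped.
    items.push({ id: item.id, text: item.text });
  }
  return { ok: true, feed: { title: data.title, items } };
}
```

The strings returned by verifiedParse are still untrusted text; they are safe to treat as data, not as markup or script.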

Page 8: Security in Windows Store apps

Choose capabilities carefully

  • Least privilege should be the rule
  • General vs. special use capabilities
  • Most commonly misunderstood capabilities
      • Documents library
      • Enterprise auth

Capabilities enable great experiences, but the least privilege model should always be applied

Page 9: Security in Windows Store apps

  • Capabilities increase the functionality of an app, but they also increase the potential for abuse
  • Be careful adding a capability to make something “work”
  • If you don’t need it, don’t use it (even if you think you’ll need it later!)

If you don’t need it, don’t use it

Least privilege is the rule

Page 10: Security in Windows Store apps

General capabilities vs. special use capabilities

  • Regardless of general or special, least privilege is the rule
  • General use capabilities expand app functionality to interact with libraries, networks, and devices
  • Special use capabilities are powerful (think admin) and have very precise purposes

General capabilities can be used by all; special capabilities are restricted to business accounts

Page 11: Security in Windows Store apps

Documents library considerations

  • Programmatic access to registered file extensions
  • Not required for accessing files, or creating files in documents. Use the file picker
  • Do not register for extensions unless you handle them

The single most “over declared” capability

Special capabilities: Documents library

Page 12: Security in Windows Store apps

Special capabilities: Enterprise authentication

Enterprise authentication considerations

  • Used for accessing Windows credentials to access enterprise resources programmatically
  • Not required for one-off access; the file picker provides the prompt for credential challenge
  • Not required for connected account functionality

Unless you’re an enterprise app, you don’t need it

Page 13: Security in Windows Store apps

Shared user certificates considerations

  • Enable access to software and hardware certificates, such as certificates stored on a smart card
  • Typically used by financial institutions or enterprise apps that require a smart card for authentication
  • Not required for Secure Sockets Layer (SSL). The platform supports this natively

If you’re not a financial institution or an enterprise, you probably don’t need it

Special capabilities: Shared user certificates
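A review check for the three special use capabilities covered in the slides above, added here as an example and not taken from the presentation. It scans a simplified, constructed manifest fragment with regular expressions (XML namespaces omitted) and returns the question a reviewer should ask for each declaration; auditManifest and the sample manifest are hypothetical.

```javascript
// Constructed, simplified package manifest fragment used as sample input.
const sampleManifest = `
<Package>
  <Applications><Application Id="App">
    <Extensions>
      <Extension Category="windows.fileTypeAssociation">
        <FileTypeAssociation Name="notes">
          <SupportedFileTypes><FileType>.note</FileType></SupportedFileTypes>
        </FileTypeAssociation>
      </Extension>
    </Extensions>
  </Application></Applications>
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="documentsLibrary" />
    <Capability Name="enterpriseAuthentication" />
  </Capabilities>
</Package>`;

// Review questions drawn from the slides, keyed by capability name.
const SPECIAL = new Map([
  ['documentsLibrary', 'Would the file picker do? Does the app handle every registered extension?'],
  ['enterpriseAuthentication', 'Is this an enterprise app that needs Windows credentials programmatically?'],
  ['sharedUserCertificates', 'Does the app need smart card or user certificates (not just SSL)?'],
]);

function auditManifest(xml) {
  const declared = [...xml.matchAll(/<Capability\s+Name="([^"]+)"/g)].map(m => m[1]);
  const fileTypes = [...xml.matchAll(/<FileType>\s*([^<\s]+)\s*<\/FileType>/g)].map(m => m[1]);
  const findings = declared
    .filter(name => SPECIAL.has(name))
    .map(name => ({ capability: name, question: SPECIAL.get(name) }));
  // The slides describe documentsLibrary as access to registered file extensions,
  // so declaring it with none registered is a sign of over-declaration.
  if (declared.includes('documentsLibrary') && fileTypes.length === 0) {
    findings.push({ capability: 'documentsLibrary',
                    question: 'Declared with no registered file extensions; remove it?' });
  }
  return { declared, fileTypes, findings };
}
```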

Page 14: Security in Windows Store apps

Be transparent with your customers through your privacy policy

  • What data do we collect?
  • What do we do with your data?
  • How can I opt out of data collection?

  • Transmit/Store PII securely
  • Use non-PII whenever possible

Consider using GetPackageSpecificToken

Leverage Credentials Locker for credential management and access

Providing a customer-centric experience can mean handling customer data. They’re trusting you

Properly handling customer data responsibly

Page 15: Security in Windows Store apps

By coding securely, applying least privileges, and handling customer data safely, your app can be layered in protection, not a cascading failure

Confidence stems from expected app behavior, good coding practices, and proper data handling

Confidence is evaluated cumulatively

Page 16: Security in Windows Store apps

Customer confidence leads to worry-free app acquisition. Common sense coding, a least privilege approach to capabilities, and trustworthy handling of data will collectively ensure an app’s success

Page 18: Security in Windows Store apps

Thank you!

Page 20: Security in Windows Store apps

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.