Security in Windows Store apps
Josh Dunn
Senior Program Manager
3-123

• Security and customer confidence
• Avoiding optimistic mistakes
• Choose capabilities carefully
• Properly handling customer data
• Q&A
Agenda
Security and customer confidence
Customer confidence in apps is directly related to:
• Apps following secure coding practices
• Apps behaving in expected ways
• Apps respecting customers' data

• Customers should acquire apps without worry
• Simple, common sense principles applied to app security protect customer confidence
• Leverage the principle of least privilege for app capabilities
• Handling customer data responsibly
Customer confidence leads to worry-free app acquisition
Avoiding optimistic mistakes
• Customers expect apps to be alive, dynamic, and deeply interactive
• Meeting this expectation requires real time data, feeds, and content from cloud services
• Trusting the cloud is an expression of optimism, and is the most common mistake
• Two examples of “optimistic” code
With great flexibility comes great responsibility
Demo #1
Optimistic eval()
Demo #2
Optimistic execUnsafeLocalFunction()
• eval() and execUnsafeLocalFunction() are examples of several potential “optimistic” functions
• Use of WinJS framework
  • Designed for Windows Store apps
  • Maintained by Microsoft
  • Grows as Windows 8 grows
• Use caution in “working around” issues in frameworks
• If you do one thing, JSON.parse it
Not trust and then verify, but verify then trust
Other optimistic thoughts
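The "verify then trust" handling of a cloud response, as an added example that is not from the original slides or demos. The sample responses, the field names (`items`, `title`, `url`) and the function names are assumptions made for illustration.

```javascript
// Constructed sample of a cloud response; the field names are assumptions.
var FEED_FROM_CLOUD = JSON.stringify({ items: [
  { title: "Session 3-123 posted", url: "https://example.com/3-123" },
  { title: "<b>markup in a title</b>", url: "https://example.com/markup" },
  { title: 42, url: "https://example.com/wrong-type" },
  { title: "wrong scheme", url: "javascript:void(0)" }
] });
// Constructed response that is script, not data. eval() would execute it.
var NOT_JSON = "(function () { return { items: [] }; })()";

// Accept only absolute https URLs with a host part.
function isHttpsUrl(value) {
  return /^https:\/\/[^\s\/]+/i.test(value);
}

// Verify, then trust: parse as data, check the shape, keep only valid items.
function parseFeed(responseText) {
  var data;
  try {
    data = JSON.parse(responseText); // parses data, never runs code
  } catch (e) {
    return { ok: false, reason: "not JSON", items: [] };
  }
  if (data === null || typeof data !== "object" || !Array.isArray(data.items)) {
    return { ok: false, reason: "unexpected shape", items: [] };
  }
  var items = data.items.filter(function (item) {
    return item !== null && typeof item === "object" &&
      typeof item.title === "string" && typeof item.url === "string" &&
      isHttpsUrl(item.url);
  }).map(function (item) {
    // Copy only the expected fields; bind title with textContent, not innerHTML.
    return { title: item.title.slice(0, 200), url: item.url };
  });
  return { ok: true, reason: "", items: items };
}
```

JSON.parse only guarantees that the response is data; the markup-bearing title still passes as a string, so it has to be rendered as text rather than as HTML.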
Choose capabilities carefully
• Least privilege should be the rule
• General vs. special use capabilities
• Most commonly misunderstood capabilities
  • Documents library
  • Enterprise auth
Capabilities enable great experiences, but the least privilege model should always be applied
• Capabilities increase the functionality of an app, but they also increase the potential for abuse
• Be careful adding a capability to make something “work”
• If you don’t need it, don’t use it (even if you think you’ll need it later!)
If you don’t need it, don’t use it
Least privilege is the rule
General capabilities vs. special use capabilities
• Regardless of general or special, least privilege is the rule
• General use capabilities expand app functionality to interact with libraries, networks, and devices
• Special use capabilities are powerful (think admin) and have very precise purposes
General capabilities can be used by all; special capabilities are restricted to business accounts
Documents library considerations
• Programmatic access to registered file extensions
• Not required for accessing files, or creating files in documents. Use the file picker
• Do not register for extensions unless you handle them
The single most “over declared” capability
Special capabilities: Documents library
Special capabilities: Enterprise authentication
Enterprise authentication considerations
• Used for accessing Windows credentials to access enterprise resources programmatically
• Not required for one-off access; the file picker provides the prompt for credential challenge
• Not required for connected account functionality
Unless you’re an enterprise app, you don’t need it
Shared user certificates considerations
• Enable access to software and hardware certificates, such as certificates stored on a smart card
• Typically used by financial institutions or enterprise apps that require a smart card for authentication
• Not required for Secure Sockets Layer (SSL). The platform supports this natively
If you’re not a financial institution or an enterprise, you probably don’t need it
Special capabilities: Shared user certificates
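A least-privilege lint for the capabilities an app manifest declares, as an added example that is not part of the original slides. The sample manifests are constructed and trimmed to the elements the check reads, the function names are assumptions, and the notes paraphrase the guidance above.

```javascript
// Guidance per special-use capability, paraphrased from the slides above.
var SPECIAL_USE = {
  documentsLibrary:
    "only for programmatic access to registered file extensions; otherwise use the file picker",
  enterpriseAuthentication:
    "only for enterprise apps that use Windows credentials programmatically",
  sharedUserCertificates:
    "only for smart card or certificate authentication; not needed for SSL"
};

// Returns one finding per special-use capability the manifest declares.
// A regex scan is enough for a lint; it is not a general XML parser.
function auditManifest(xml) {
  var declared = [], fileTypes = [], m;
  var capRe = /<Capability\s+Name="([^"]+)"\s*\/>/g;
  var typeRe = /<FileType>\s*([^<\s]+)\s*<\/FileType>/g;
  while ((m = capRe.exec(xml)) !== null) { declared.push(m[1]); }
  while ((m = typeRe.exec(xml)) !== null) { fileTypes.push(m[1]); }
  var findings = [];
  declared.forEach(function (name) {
    if (!Object.prototype.hasOwnProperty.call(SPECIAL_USE, name)) { return; }
    var finding = { capability: name, note: SPECIAL_USE[name], unused: false };
    // documentsLibrary only reaches registered extensions, so with no
    // <FileType> registered the declaration grants nothing useful.
    if (name === "documentsLibrary" && fileTypes.length === 0) {
      finding.unused = true;
    }
    findings.push(finding);
  });
  return findings;
}

// Builds a constructed manifest fragment for the samples below.
function sampleManifest(caps, types) {
  var c = caps.map(function (n) { return '<Capability Name="' + n + '" />'; });
  var t = types.map(function (e) { return "<FileType>" + e + "</FileType>"; });
  return "<Package><SupportedFileTypes>" + t.join("") + "</SupportedFileTypes>" +
    "<Capabilities>" + c.join("") + "</Capabilities></Package>";
}

var OVER_DECLARED = sampleManifest(
  ["internetClient", "documentsLibrary", "enterpriseAuthentication"], []);
var MINIMAL = sampleManifest(["internetClient"], []);
```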
Be transparent with your customers through your privacy policy
• What data do we collect?
• What do we do with your data?
• How can I opt out of data collection?

• Transmit/store PII securely
• Use non-PII whenever possible
Consider using GetPackageSpecificToken
Leverage Credentials Locker for credential management and access
Providing a customer-centric experience can mean handling customer data. They’re trusting you
Properly handling customer data responsibly
By coding securely, applying least privileges, and handling customer data safely, your app can be layered in protection, not a cascading failure
Confidence stems from expected app behavior, good coding practices, and proper data handling
Confidence is evaluated cumulatively
Customer confidence leads to worry-free app acquisition. Common sense coding, a least privilege approach to capabilities, and trustworthy handling of data will collectively ensure an app’s success
• Best practices for writing safe and secure Windows Store apps using HTML5
• Coding with confidence
• Capabilities List
• getPackageSpecificToken
Resources
Thank you!
• Develop: http://msdn.microsoft.com/en-US/windows/apps/br229512
• Design: http://design.windows.com/
• Samples: http://code.msdn.microsoft.com/windowsapps/Windows-8-Modern-Style-App-Samples
• Videos: http://channel9.msdn.com/Windows
Resources
Please submit session evals by using the Build Windows 8 app or at http://aka.ms/BuildSessions
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.