What attacks or security vulnerabilities are specific to WPF applications?
To clarify, I'm not asking how to do SQL Injection on WPF apps, or what kind of crypto I should use, or... I'm also not specifically asking about flaws in the Framework, or in WPF itself, but rather flaws that might manifest based on improper implementation.
Very specifically, I'm interested in new attacks, or new vectors, that are particular to a client application implemented in WPF. Not specifically XBAP... ClickOnce-related issues would be great too.


http://stackoverflow.com/questions/2610948/wpf-skin-skinning-security-concerns would be a good example, though not particularly relevant to my specific need (yet still a valid answer).

+2  A: 

With WPF, it's easier for someone to steal your GUI. In general, though, it may result in better security because WPF controls do not get Windows messaging by default. They use hit testing for dispatching events using routed commands. As far as Windows is concerned, it's a game running in that space, not a Windows app.

Nate Zaugg
Although, in Visual Studio 2010 extensions manager there is a plug-in to help obfuscate your XAML.
Nate Zaugg
Another consideration is that while the application is blind to Windows messaging and associated interfaces, there are programs that will allow you to view the visual tree in WPF. There is a tool called Snoop (http://snoopwpf.codeplex.com/) that can inspect your visual tree for debugging purposes. This could be cause for concern, but usually it isn't a big deal.
Nate Zaugg
@Nate, thanks for the info. Interesting, but doesn't quite help me yet... I'm actually leaning towards accepting that the app is relatively secure :)
AviD