Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Attacks on WPF applications

Tags:

.net

security

wpf

What attacks or security vulnerabilities are specific to WPF applications?
To clarify, I'm not asking how to do SQL Injection on WPF apps, or what kind of crypto should I use, or... I'm also not specifically asking about flaws in the Framework, or in WPF itself, rather flaws that might manifest based on improper implementation.
Very specifically, I'm interested on new attacks, or new vectors, that are particular to a client application implemented in WPF. Not specifically XBAP... ClickOnce related issues would be great too.


WPF Skin Skinning Security Concerns would be a good example, though not particularly relevant to my specific need (yet still a valid answer).

like image 549
AviD Avatar asked Jun 24 '10 09:06

AviD


People also ask

Is WPF still relevant 2022?

“WPF would be dead in 2022 because Microsoft doesn't need to be promoting non-mobile and non-cloud technology. But WPF might be alive in that sense if it's the best solution for fulfilling specific customer needs today. Therefore, having a hefty desktop application needs to run on Windows 7 PCs with IE 8.

Is WPF secure?

WPF browser-hosted applications execute within a partial trust security sandbox, by default, which is limited to the default CASInternet zone permission set. This effectively isolates WPF browser-hosted applications from the client computer in the same way that you would expect typical Web applications to be isolated.

Is WPF still viable?

When it comes to a Windows (only) Desktop client, WPF can still be a viable option. The alternatives mentioned above give us many different options to choose from. There is still a very healthy eco-system around Windows Desktop application development, although web and mobile are going through the roof.

Can WPF be targeted to Web browser?

WPF only runs on windows. You can make a type of wpf application called xbap which runs in a browser. BUT. Only on windows.


1 Answers

With WPF, it's easier for someone to steal your GUI. In general, though, it may result in better security because WPF controls do not get windows messaging by default. They use hit testing for dispatching events using routed commands. As far as windows is concerned, it's a game running in that space, not a windows app.

like image 155
Nate Zaugg Avatar answered Oct 14 '22 09:10

Nate Zaugg