Microsoft Silverlight Promises Web App Security
Microsoft is promising a new, more secure version of yet another product. This time it isn't Vista or Office but Silverlight, the rich application development environment derived, at least to some degree, from .Net. Of course, I am suspicious of most security claims until I see some details, but the Silverlight architecture has some promising elements.
First, Silverlight uses a sandbox model, like Java, so as long as the sandbox code is not vulnerable, devices running the applications will not be subject to some typical attacks.
Silverlight also uses .Net's managed code model, so applications execute in a virtual machine, again avoiding the potential for code to gain access to the true machine.
"Microsoft says Silverlight not vulnerable to most common exploits" finds a consensus so far in the industry that Silverlight is more secure than other rich Internet application environments:
That consensus favors Microsoft's argument that the software won't be easily exploitable by hackers. Microsoft says that Silverlight, a browser plug-in that works with Internet Explorer, Firefox and Safari, has key attributes that should prevent Silverlight from such exploits.
OK, let's say Silverlight is more secure. Where will attackers go looking for vulnerabilities? My guess is hackers will go after the application code written by developers, which will still be a weak point. Injection attacks, like SQL injection and PL/SQL injection attacks, will still exist. Database applications are especially appealing targets because they are a conduit to the crown jewels of a company: customer identity and financial information.
Will Silverlight help keep your company from becoming the next TJX?



