I have submitted an article proposal to MSDN to write about Silverlight security with my buddy on the Silverlight team. If this proposal gets accepted, you will see the article in MSDN Magazine soon.
Silverlight is the latest cross-browser and cross-platform web application development technology offered by Microsoft. It enables authoring of more dynamic and graphic web content rendered consistently on all popular Web browsers, including Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and Opera, and on Microsoft Windows and Apple Mac OS X. In order to leverage Silverlight securely, we need to review Silverlight from the perspective of development and deployment. Similar to other web applications, Silverlight applications are susceptible to web-based attacks, such as cross-site scripting and SQL injection. Code must be securely written to withstand those attacks. The functionality that Silverlight offers can also be misunderstood and used improperly, leading to vulnerabilities both in the server and in the client. In addition, standard deployment security issues apply to Silverlight applications, but the seamless deployment model allows administrators to secure their servers without specialized Silverlight knowledge.
- Silverlight Development Environment Introduction
- Secure Development Best Practices
- Commonly Misunderstood Programming Patterns
- Secure Deployment Best Practices
From Eugene Siu’s blog (http://blogs.msdn.com/esiu)