Building Secure GOV-LOB Windows Phone Apps. Part I

In January of 2002 Bill Gates introduced Trustworthy Computing to Microsoft and in doing so redefined the whole process of writing software throughout the company. Since then Microsoft has been recognized for its strong commitment to building software that is secure by design and secure by default. Windows Phone is no exception to this. This series is an expression of that commitment to help you understand the process of building secure government LOB applications for the Windows Phone platform.

1– INTRODUCTION

This series is intended as a guide for writing secure Line of Business (LOB) applications for the Windows Phone 7 (WP7) platform. It includes guidance for both the WP 7.0 and WP 7.1 releases.

While this series is not intended as a comprehensive security solution to every development scenario, it addresses the major security features included in the WP7 platform (7.0 and 7.1 release) and shows how (and to what extent) they can be used to write secure LOB applications.

The initial release of the Windows Phone platform, i.e. the WP 7.0 OS, is designed primarily as a consumer device and therefore may not include some key security features that would be required in an enterprise platform. In fact, many enterprise-relevant features that were available in the Windows Mobile 6.x platform are not available in Windows Phone 7. In the WP 7.1 release (code-named Mango), some new features have been added to help developers create better and more secure applications.

Mobile devices and software offer potential benefits to the enterprise, including lower operating costs and greater productivity. However, deploying mobile enterprise solutions exposes the enterprise to new risks, and therefore security should be a priority. The following illustration shows possible security threats to a corporate network that supports mobile devices. This guide focuses on the security challenges and recommended security best practices for developing more secure line of business enterprise applications for the Windows Phone platform.

[Figure: possible security threats to a corporate network that supports mobile devices]

Reference: Security Risks in the Mobile Enterprise - https://technet.microsoft.com/en-us/library/cc182262.aspx

2– INTENDED AUDIENCE AND SERIES STRUCTURE

This guidance is primarily aimed at software designers, architects, developers and testers who design, build and deploy enterprise mobile solutions. It covers Windows Phone 7 (the 7.0 and 7.1 releases) as the platform for developing LOB applications.
The document is targeted, primarily, at developers writing applications using the Silverlight for Windows Phone and .NET Compact Framework-based development platform on Windows Phone 7.

The rest of the series is organized as follows:

WP7 Features Summary:

  • Section 3 will provide an overview of the WP7 platform, focusing largely on features that have security-related implications.

WP7 Security Guidelines and Best Practices:

  • Section 4 will offer security guidelines and some tips for WP7 application developers. If you are familiar with the WP7 platform and are only interested in security best practices, this is where you should start.
  • Section 5 covers the SDL process and its equally valuable benefits for WP7 app development. This section is specific to the Microsoft SDL. Non-Microsoft developers can consider these as security best practices.
  • Section 6 will show how to leverage the WebBrowser control for passive federation and compare active vs. passive authentication.

Based on the above, subsequent posts will cover:

  • 3- OVERVIEW OF WINDOWS PHONE SECURITY FEATURES
  • 4- SECURITY BEST PRACTICES FOR CREATING LOB WP7 APPLICATIONS
  • 5- APPLYING SDL PRACTICES TO WINDOWS PHONE 7 APPLICATIONS
  • 6- USE OF WEBBROWSER CONTROL IN PASSIVE FEDERATION

I hope you find this series useful and that it will help you build more secure government Line-Of-Business (LOB) applications in the future.

Based on work from Manish Prabhu, Sameer Saran, Don Willits, and Dharmesh Mehta.
