HTML 5 and JavaScript Application Security in Windows 8/Metro Design

You say JavaScript, I say ECMAScript, and it just doesn’t make a song, so let’s continue…

Security is boring, at least till you project gets hacked.  Then it is an exciting talk with your boss, his boss and then someone else, etc. 

Let’s clarify a few things with the terminology of a Metro App:

And if you think that hashing is something to do with potatoes then you might want to go to a cooking site, come to think of it, maybe I will go to the cooking site.

For example you have an interview coming up at a company and part of your job is securing it’s upcoming Windows 8 Metro app they are going to launch.  You ready to talk the talk?  That link will give you some words to memorize.  Now how do you get some experience with working with security?


First you might need to know the Namespaces related to security, here they are from the link:

Relatively useless definitions, but I always feel that it is a good idea to get those definitions defined, that way when I am driving or doing brain dead stuff I can run them over in my mind.  You could use the Flash Card app to create some flash cards.  Oh wait I might do that.

    • Contains classes, interfaces, and enumeration types that enable you to:
    • Create a certificate request
    • Install a certificate response
    • Import a certificate in a PFX file
    • Specify and retrieve certificate request properties

Contains classes and enumeration types that enable you to:

    • Encrypt and decrypt data
    • Hash data
    • Sign data and verify signatures
    • Create, import, and export keys
    • Work with asymmetric key algorithm providers
    • Work with symmetric key algorithm providers
    • Work with hash algorithm providers
    • Work with machine authentication code (MAC) algorithm providers
    • Work with key derivation algorithm providers

Contains classes that enable you to:

    • Asynchronously encrypt and decrypt static data
    • Asynchronously encrypt and decrypt data streams

Application that demonstrates the Security code:

Skip to main content