Navigating a Sea of Pwn - Windows Phone 8 Appsec

Explore Windows Phone 8 application security in this 36-minute conference talk from SyScan'14 Singapore. Dive into the intricacies of application structure, security models, and restrictions. Learn about code signing, encryption, OEM access, and marketplace applications. Examine the DP API, desktop security, and TLS implementation. Discover potential vulnerabilities in interprocess communication, protocol handlers, and cross-application navigation. Gain insights on protecting against threats like cross-site scripting and remote loading. Equip yourself with essential knowledge to navigate the complex landscape of Windows Phone 8 app security.

Introduction
Background
Application Structure
Application Security Models
Application Security Restrictions
Code Signing
Encryption
OEM Access
Diagnostic Application
Marketplace Application
Side Notes
DP API
Desktop
Second Pass Encryption
TLS
Certificate Validation
SSL Support
Summary
Interprocess communication
Implementing protocol handlers
Cross application navigation forgery
What is a toast
Shell post message toast
Application vulnerability
Marketplace validation
How to protect against this
Navigating from method
Crosssite scripting
Remote loading
Conclusion
Questions