Rory and I recently presented at Securi-Tay again. This was the third conference organized and led by the students on the ethical hacking course at Abertay University in Dundee. As usual it was well set up and attended and it is good to see that the professional Scottish testers of the future can arrange a conference which is as good as (if not better than) many of the professional ones we have attended. We had an enjoyable day – even though it was a very long drive there and back.
I spoke about Windows Store Apps and how to test them. We often find ourselves in a situation where we are asked to test things that we are not particularly familiar with – and it is very useful to be able to find some material on the Internet that gives us somewhere to start. I am going to start trying to write a few posts on things we have come across which may be unusual or difficult to test in some way – as usual from the perspective of a professional tester in UK trying to achieve good coverage for a customer in the timescales given in a typical test rather than something done as a hypothetical exercise in hacking.
So my presentation covers what the purpose of these apps is, how they are architected, developed and certified for the Windows Store. I then talk about where to find them, what software you need to test them and how to install and configure it. I outline how you would typically go about testing them and how they tie in with the OWASP top ten and mobile top ten. Finally I consider whether Microsoft have managed to achieve one of their goals with these apps and improve security and confidence for the average non-technical Windows user.