Setting the context:
We have an internal app that started out as a web application, but now uses the windows desktop model instead of the browser for rendering. So instead of opening in browsers, the web app opens in modeless windows that are coded in C#. The user has to install a small exe to setup the modeless windows.
You would be clicking custom built toolbars (instead of the File, Edit, View options etc) and those will launch modeless windows and trigger an HTML request. The reponse will be rendered in the modeless window.
Issue:
we used to security test using Appscan when it was a pure browser application. We also use pen testers. However, Appscan doesn't work with the modeless windows model. It only manages to capture the first request (which is usually the login request).
Would you happen to know of any tool or testing framework/model that can security test this kind of an app?
I did try to look at relevant links, but they all seem to point to pure browser based web testing. Like this one: Web application security testing
Thanks in advance!
Edit: An example - have a look at http://samples.msdn.microsoft.com/workshop/samples/author/dhtml/refs/showModelessDialog.htm
How would I get appscan to scan the request response in the modeless windows.
What needs to be tested (for security) beyond the login? You've essentially created a dumb terminal that passes commands to a server and renders responses from that server.
If you really need some automated tester to work, then create a command-line switch for your EXE (dumbtermina.exe /test) that renders a regular windows form with simple buttons that simulate all of the menu and other commands.
Related
I was trying to make a pc application that helps people more conveniently when they are using a browser(e.g Chrome, Firefox, Edge ...)
For example, the application shows the default browser and let user can choose another browser as default if they want to, and the app shows all windows that are currently opened; Overmore, when the user clicks a specific window then app will focus the window.
user can select default browser
user can see all windows categorized by browser type
So, my initial planning was using Election js; however, I've found that there is no way to control a browser from the Electron application since Node js cannot access the users' system(this thinking could be wrong since I have poor English😥)
After some research, I'm guessing C# can do that by using windows api. I've saw this post that saying by using DDE, we can get tabs urls.
But I'm wondering if C# can fully control a browser; for instance, create a new window, notice if music or video is playing in the tab, request to browser for getting favorites list.
If it cannot, how about requesting api to the browser from pc application?
You cannot fully control a browser. Internet Explorer was the only browser that had a documented and supported API to control, inspect and automate. Internet Explorer is dead so this is a dead end. The basic DDE control interface is also outdated.
Accessing favorites and the content of open tabs is limited because evil people would use such APIs to inject and spy. If you want to access the favorites you will have to write custom code for each browser.
Using the accessibility and UI automation APIs is the only reliable and supported way of interacting with modern browsers. SetWinEventHook can be used to detect window creation and primitive state changes. MSAA/UI Automation needs to be used to get more information from each browser window.
The thumbnail API and/or magnifier API can be used to get the preview image.
To open a new tab, execute a new process with the URL on the command line. Some per-browser customization might be required (-new-tab parameter etc).
Use IApplicationAssociationRegistration::QueryCurrentDefault to detect the default browser.
i have a windows application and now we want to upgrade it to web application.
Is there any way to use same forms from web application
to avoid duplicate work to develop same page in web application.
i want to open windows form on one click from web form. please provide any sample code if possible.
It's not something you can do automatically. You can reuse your business logic behind the application but you have to write a new UI from scratch. You can also try to use some automated tools but to be honest in most cases you will have to put significant amount of work to get your application working the same as window windows application. You must consider and implement new security policy regarding data transfer/presentation in your web app.
As Adjorem said, simply, no. Even if you find a converter it will probably make a mess and you'll need to do a lot of refactoring.
To open your windows app from web app:
You can register your own url protocol to start your application, e.g myfancyapp.
On your website you can create an href="myfancyapp://...". You can parameterize your windows app through a downloadable file with startup infos.
See:
How do I register a custom URL protocol in Windows?
If you want, you can check, if your app is installed with the help of fonts. Install a font (with a special name) with your app installer. You can then check if font is available on your website and display a message "Please install windows app first".
I've a C# WPF application developed in VS 2015, and I want the browser to read some data from it. Just a short string. I can save it in a text file, or in a variable but it should be visible to the browser (using JS I suppose). For instance using file:/// doesn't work if the original page is hosted online - as in my case (different source conflict). This should work in Opera and FFox, but looking at their extensions, it seems you can only develop with front-end technologies, which are not enough in my case since I use WPF to look into Win OS, and then I need to share the result with the browser.
I suspect it's possible, and no , it's not to write a malicious piece of code. For instance I can read the details of the graphic card for diagnostic purposes.
Please help, many thanks.
Browsers run in a security sandbox which is intended to stop them reading or writing files to the file system.
You could write to the user's appdata. There are various javascript frameworks which persist data to there so they can provide offline or static data.
I don't think that is a good plan though.
I suggest your first candidate would be a cookie.
Quick google on how to do that, I find:
How to create cookie in c#.net windows application?
From a web page you can use the content of a cookie dynamically. So you could change what you see in the web page after it's up and running from some process in your wpf app and do a counter or whatever.
I've not used this with windows apps and a browser but I have with a web app and Silverlight. I'm afraid I don't have that code to hand though.
I'm newbie in WPF/Silverlight world. In the first step , I developed a "Hello world" application and simply run it but the problem is application successfully run only on Internet explorer. When I changed my browser like chrome or firefox etc, application pop up a Save window which means browser unable to understand the filetype. I want to know any plugin required to smothly run my WPF project on different web browsers.
IMO, You are referring to Silverlight and not WPF
WPF Applications are Desktop Applications and they are not made for Browsers.
And Silverlight is cross-platform, across browsers.
You can download and install the plugin from here,
http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx
I think you are looking for Silverlight, not 100% sure tough
WPF browser based application can run in the IE and firefox web browser. One can use silverlight for implementing the WPf browser based application. But silverlight is the small subset of WPF framework. The machine running the WPF web browseer based application must be installed with the .Net runtime environment. WPF web browser based application ideally used for the intranet usages.
Say I have a mobile optimized website which runs with a lot of javascript on it to create awesome effects, and a user enters the website via a mobile browser which doesn't have javascript activated.
Is it then possible to (through a button click) redirect that user to his/hers browser settings?
You need to have JavaScript activated in order to browse this site properly.
Click here to change your settings
In principle, you can create an intent: URL that references an ACTION_SETTINGS Intent, though I have not tried this. Off the top of my head, the simplest way to construct that URL is to generate a scrap Android project and call:
Log.d("Something", new Intent(android.provider.Settings.ACTION_SETTINGS).toUri(Intent.URI_INTENT_SCHEME));
then check LogCat for the URL that you would put in the Web site. Of course, this URL will only work on Android devices.
I only know Windows Mobile (and there, only up to v6.1), but I would guess your clients would have to have some app of yours prior installed to access features of the device itself.
If websites could access a device's features, it would be viewed as a virus.