I have a commercial app built using the "Silverlight Business Application" template (it is not yet for sale). Unfortunately, this project is under a very tight schedule. Some of the target markets are known to pirate software very quickly and often view hacking and pirating commercial software as a sort of challenge. We are not security experts and have very little experience in securing software for commercial release. We need an expert resource that can code the final pieces of this application to help us ensure that the SQL Server Express database that stores the user accounts will be very difficult to hack, that the payment processing is not hijacked, and that features like reset/recover lost password utilities are not used to expose our authentication/security model.
The final deliverables will include the following (many of these are already present in the app today; they need to be made secure):
- New User Registration
- User Credit Card Processing (We will be using a third-party processing service as well as possibly PayPal.)
- Recover Lost Password Utility (email new password to registered email account after user answers security question correctly).
- Each page in the Silverlight app (other than the home page) should also check to ensure that the user is logged in correctly and that the user has paid.
- SSL certificate to secure the web app that hosts the Silverlight application.
We will need a non-disclosure agreement in place before we will share the source code of this project. However, to assist you in your assessment of the work required, please reference the following links.
- [url removed, login to view]
- [url removed, login to view]
The ideal candidate for this project will have already worked with the Silverlight business application template and RIA authentication services, as well as have experience in processing credit card payments through a merchant account. Note: The Silverlight business application template will need to be modified to support the password recovery and the payment processing as well as obfuscating the code.