A broader penetration test of Windows 8 managed (WinRT/C#/XAML) apps, examining how web content handled by WebView controls interacted with the managed app layer. The findings were documented and shared with the platform team. Managed apps had a different attack surface than WinJS apps but shared some common weaknesses around content security boundaries when loading remote web content.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.