Testing and Exploiting Flash Applications
- Type
- Slides
- Tags
- Flash, Rich Internet Applications
- Event
- Chaos Communication Camp 2007
- Indexed on
- Mar 27, 2013
- URL
- vhttp://events.ccc.de/camp/2007/Fahrplan/attachments/1320-FlashSec.pdf
- File name
- 1320-FlashSec.pdf
- File size
- 0 bytes
- MD5
- d41d8cd98f00b204e9800998ecf8427e
- SHA1
- da39a3ee5e6b4b0d3255bfef95601890afd80709
Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past. The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
