Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Testing and Exploiting Flash Applications

Flash, Rich Internet Applications
Chaos Communication Camp 2007
Indexed on
Mar 27, 2013
File name
File size
125.3 MB

Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past. The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !