0sec07 - 0.7
0sec 2007
| Speakers | |
|---|---|
| fukami | |
| Schedule | |
|---|---|
| Day | 2 |
| Room | Talk |
| Start time | 17:00 |
| Duration | 01:00 |
| Info | |
|---|---|
| ID | 2 |
| Event type | Lecture |
| Track | Talks |
| Language | English |
Testing and exploiting Flash applications
Flash has been used for so-called RIAs (rich Internet applications) for quite a long time now. Many of us know that Flash can be evil and used for bad and ugly things, but auditing Flash apps was not easy in the past.
The lecture will start with an overview of the history of Flash and ActionScript, its capabilities and design flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analysis of common developer mistakes and how they can be exploited. But Flash is also a powerful tool for launching attacks over the network, so a couple of possible attack examples such as request forging, network scanning or Flash-based attack back channels will be introduced.