[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Testing Flash Applications

From: Stefano Di Paola <stefano.dipaola@xxxxxxxx>
Subject: [WEB SECURITY] Testing Flash Applications
Date: Mon, 21 May 2007 18:01:34 +0200

--=-qOfnGZrYr8pqZBZ+743S
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

During the 6th OWASP AppSec Conference in Italy, I presented a research
about testing for security vulnerabilities in Flash applications.

Abstract:=20
My work describes several security flaws in Flash Applications and bad
habits in ActionScript coding, by analysing real world swf applications
flaws and potential vulnerabilities that could lead to client side
attacks. A new kind of attack called Cross Site Flashing is also
explained.


Blog Entry:=20
http://www.wisec.it/sectou.php?id=3D464dd35c8c5ad

Pdf Version:
http://www.wisec.it/docs.php?id=3D5

Swf Version:
http://www.wisec.it/docs.php?id=3D6


Any comment will be really appreciated.

Regards,
Stefano
--=20
...oOOo...oOOo....
Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
..................

--=-qOfnGZrYr8pqZBZ+743S
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Questa =?ISO-8859-1?Q?=E8?= una parte del messaggio
	firmata digitalmente

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQBGUcJefSCEH5yFF2MRAjUxAJ46cLrA3iWOh+lUUwUcnBxKYrkl7wCfZX1z
lImigv47sQDWqUX7wy37f6U=
=ItSR
-----END PGP SIGNATURE-----

--=-qOfnGZrYr8pqZBZ+743S--

Prev by Date: [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
Next by Date: Re: [WEB SECURITY] noise about full-width encoding bypass?
Previous by thread: [WEB SECURITY] RE: [Full-disclosure] noise about full-width encoding bypass?
Next by thread: [WEB SECURITY] Reflection on Ryan Barnett
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site