Re: [WEB SECURITY] Query:Vulnerability assessment of Flash web application
- From: Josh Amishav-Zlatin <josh@xxxxxxxx>
- Subject: Re: [WEB SECURITY] Query:Vulnerability assessment of Flash web application
- Date: Tue, 25 Mar 2008 23:21:59 +0200
On Tue, Mar 25, 2008 at 05:35:04AM +0530, Surendra Upadhyay wrote:
> Dear Group,
> Can anybody guide me on how to do a vulnerability assessment of a Flash web
> application manually, and suggest free tools to do VAPT?

1. Use your web proxy to get a sense of which functionality is
implemented locally in the Flash file and what requires server-side
processing.

Take particular notice of sensitive data that is transmitted
unencoded. You may be able to just modify the data in transit without
step 2.

2. Try using flasm (to obtain the decompiled bytecode) and / or flare
(to obtain the decompiled ActionScript) to decompile the swf file to
get a sense of the logic and client-side controls implemented. Based on
the Flash file's functionality, make appropriate changes, recompile and run
your hacked version locally.

--
- Josh
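
Added example, not part of the original post and not code from flasm or flare: a Python script that lists the SWF tags holding ActionScript bytecode, which is where the client-side logic examined in step 2 lives. The header layout and tag codes follow the published SWF file format; `build_sample` and its bytes are constructed here for illustration.

```python
import struct
import zlib

# Tag codes that carry ActionScript bytecode, per the SWF file format.
CODE_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}

def swf_body(data):
    """Return the uncompressed bytes that follow the 8-byte SWF header."""
    sig, (length,) = data[:3], struct.unpack_from("<I", data, 4)
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":                  # zlib stream after the header
        body = zlib.decompress(data[8:])
    else:
        raise ValueError("not an FWS/CWS file")
    if len(body) + 8 < length:
        raise ValueError("file shorter than declared length")
    return body

def code_tags(data):
    """List (tag name, body size) for each tag holding ActionScript."""
    body = swf_body(data)
    nbits = body[0] >> 3                 # RECT: 5-bit width, then 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4   # skip RECT, frame rate, frame count
    found = []
    while pos + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, pos)
        code, size, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if size == 0x3F:                 # long form: 32-bit size follows
            (size,) = struct.unpack_from("<I", body, pos)
            pos += 4
        if pos + size > len(body):
            raise ValueError("truncated tag")
        if code in CODE_TAGS:
            found.append((CODE_TAGS[code], size))
        if code == 0:                    # End tag
            break
        pos += size
    return found

def build_sample(compressed=False):
    """Constructed minimal SWF: DoAction, long-form DoInitAction, End."""
    tags = struct.pack("<H", (12 << 6) | 1) + b"\x00"
    tags += struct.pack("<HI", (59 << 6) | 0x3F, 3) + b"\x01\x00\x00"
    tags += struct.pack("<HH", 1 << 6, 0)          # ShowFrame, End
    body = b"\x00" + b"\x00\x0c" + struct.pack("<H", 1) + tags
    head = (b"CWS" if compressed else b"FWS") + b"\x08"
    head += struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compressed else body)
```

Any check that exists only inside the tags this reports runs on the client, so the server has to enforce it again.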