Camp 2007 - 1.01

Chaos Communication Camp 2007
To infinity and beyond

Day 2
Room Shelter Bar
Start time 17:00
Duration 01:00
ID 1994
Event type Lecture
Track Hacking
Language English

Testing and Exploiting Flash Applications

Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past.

The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.

Archived page - Impressum/Datenschutz