Camp 2007 - 1.01
Chaos Communication Camp 2007
To infinity and beyond
| Speakers | |
|---|---|
|
fukami |
| Schedule | |
|---|---|
| Day | 2 |
| Room | Shelter Bar |
| Start time | 17:00 |
| Duration | 01:00 |
| Info | |
| ID | 1994 |
| Event type | Lecture |
| Track | Hacking |
| Language | English |
| Feedback | |
|---|---|
|
Did you attend this event? Give Feedback |
Testing and Exploiting Flash Applications
Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past.
The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.