Writing secure Flex applications

Outline:
- MXML tags with security restrictions
- Disabling viewSourceURL
- Remove sensitive information from SWF files
- Input validation
- ActionScript
- Using passwords

Writing secure Flex applications
MXML tags with security restrictions:
Some MXML tags trigger operations that the Flash Player security sandbox restricts. Before such an operation is allowed, access must be granted through one of the permission-granting mechanisms: the Security.allowDomain() method in the SWF being accessed, or a crossdomain.xml policy file on the server being contacted. Examples of restricted operations:
- Referencing a URL outside the exact domain of the application that makes the request.
- Referencing a resource that lives in a different security sandbox.
Grant only what the application needs: a policy file that allows every domain gives any SWF on the web the same access to that server as your own application has.

Writing secure Flex applications
Disabling viewSourceURL:
If you enabled the View Source feature by setting the viewSourceURL property on the Application tag, remove it before you put the application into production. Otherwise every user gets a View Source item in the application's context menu that links to the complete source, including server endpoints and any logic you would rather not expose.

Writing secure Flex applications
Remove sensitive information from SWF files:
The SWF file format is an open, documented format, so anyone who can download a SWF file can extract the data and algorithms it contains, much as anyone who views a page's source can read its HTML and JavaScript. Compiling to a SWF makes this slightly less convenient, because the bytecode is not human-readable like HTML or JavaScript, but freely available decompilers turn it back into readable ActionScript. Treat everything inside the SWF as public.

Writing secure Flex applications
Remove sensitive information from SWF files:
- Do not include sensitive information, such as user names, passwords, API keys, or SQL statements, in SWF files.
- Remove debug code, unused code, and comments before compiling, to minimize what someone with a decompiler or the debugger version of Flash Player can learn about your application.

Writing secure Flex applications
Remove sensitive information from SWF files:
- Do not rely on client-side user name and password checks for authentication: the check runs on the user's machine, where it can be read, bypassed, or replayed.
- If the SWF file needs sensitive information, load it from the server at run time, after the user has authenticated and only as much as that user is entitled to see. The data is then not part of the compiled SWF file and cannot be recovered by decompiling it, although it is still visible to whoever controls the client while the application runs.
- Use a secure transport such as SSL/TLS (HTTPS) when loading that data, so it cannot be read or altered in transit.
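To see how little the compiled format hides, here is an added example (not code from the slides) covering the three slides above: it builds a small compressed SWF container with constructed contents and pulls the readable strings back out, the way an attacker would before even reaching for a decompiler. The body bytes are invented stand-ins for what a compiler emits; only the header layout (signature, version, length, zlib body) follows the SWF specification.

```python
"""Recover strings from a SWF file: whatever was compiled in comes straight back out."""
import re
import struct
import zlib

# Constructed stand-in for compiled content. A real SWF body starts with a RECT
# and frame data followed by tags such as DoABC; for string extraction only the
# literal bytes matter, and every literal here is invented.
FAKE_BODY = (
    b"\x00dbUser\x00svc_account\x00dbPassword\x00Hunter2!\x00"
    b"SELECT * FROM accounts WHERE user='\x00"
    b"com.example.LoginForm\x00"
)

SWF_VERSION = 10
HEADER_LEN = 8  # signature(3) + version(1) + uint32 little-endian length(4)


def build_swf(body: bytes, compressed: bool = True) -> bytes:
    """Wrap a body in a SWF header. CWS = zlib-compressed body, FWS = plain body."""
    length = struct.pack("<I", HEADER_LEN + len(body))  # uncompressed file size
    if compressed:
        return b"CWS" + bytes([SWF_VERSION]) + length + zlib.compress(body)
    return b"FWS" + bytes([SWF_VERSION]) + length + body


def swf_body(data: bytes) -> bytes:
    """Return the decompressed body of an FWS or CWS file."""
    signature = data[:3]
    if signature == b"CWS":
        return zlib.decompress(data[HEADER_LEN:])
    if signature == b"FWS":
        return data[HEADER_LEN:]
    raise ValueError("not an FWS/CWS SWF (LZMA 'ZWS' files need an LZMA step first)")


PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
SENSITIVE_HINT = re.compile(r"(?i)passw|secret|api.?key|token|\b(select|insert|update|delete)\b")


def extract_strings(swf: bytes) -> list:
    """All runs of four or more printable ASCII bytes, like the strings(1) tool."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(swf_body(swf))]


def find_sensitive(swf: bytes) -> list:
    """Strings whose wording suggests a credential name or an embedded SQL statement."""
    return [s for s in extract_strings(swf) if SENSITIVE_HINT.search(s)]


if __name__ == "__main__":
    sample = build_swf(FAKE_BODY)
    print("all strings:", extract_strings(sample))
    print("worth a look:", find_sensitive(sample))
```

The heuristic only flags names; the value usually sits next to the name in the constant pool, which is why the full string list is printed as well. Run the same extraction against your own release build before shipping it.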

Writing secure Flex applications
Input validation:
- Keep inputs free of malicious characters or code by enforcing input validation with the Flex validator tags.
- Flex validators execute on the client, which lets you reject malformed input and give the user immediate feedback before anything is sent to the server.
- Client-side validation is a usability feature, not a security boundary: the SWF runs on the user's machine, so the validators can be bypassed, and the server must repeat every check on what it actually receives.
- For database access, use strongly typed, parameterized queries. The user-supplied value is then bound as data and never parsed as part of the SQL statement, so injected SQL text has no effect.
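As an added example that is not part of the slides, the script below puts the server side of this slide into code: a lookup built by string formatting, the same lookup with a bound parameter, and a hardened version that first repeats the client's validation rule on the server. It uses an in-memory SQLite table with constructed rows; the user-name rule is an assumed policy, and the injection payload is the classic tautology.

```python
"""Server-side handling of a value that arrived from a Flex form."""
import re
import sqlite3

# Constructed sample table standing in for the application database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
conn.executemany(
    "INSERT INTO users VALUES (?, ?)",
    [("alice", "alice@example.com"), ("bob", "bob@example.com")],
)

# Assumed policy, repeated on the server because the Flex validator can be bypassed.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def lookup_vulnerable(username: str) -> list:
    """Builds the statement with string formatting: the input is parsed as SQL."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(username: str) -> list:
    """Binds the input as a parameter: it is compared as data, never parsed."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_hardened(username: str) -> list:
    """Validate on the server first, then bind; both checks live on the server."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by server-side validation")
    return lookup_parameterized(username)


if __name__ == "__main__":
    payload = "' OR '1'='1"  # what an attacker types into the form once the validator is gone
    print("vulnerable:", lookup_vulnerable(payload))        # every row comes back
    print("parameterized:", lookup_parameterized(payload))  # no such user: []
    try:
        lookup_hardened(payload)
    except ValueError as exc:
        print("hardened:", exc)
```

Note that the parameterized query does not reject the payload; it simply looks for a user literally named `' OR '1'='1` and finds none. Validation is still worth doing on the server so that garbage is refused early, but it is the binding, not the validation, that makes injection impossible.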

Writing secure Flex applications
ActionScript:
Some ways to make your use of ActionScript more secure:
- Handling errors: catch exceptions so that a failure does not surface internal details to the user.
- Suppressing debug output: remove trace() calls and other debug output before building the release version.
- Using host-based authentication.

Writing secure Flex applications
Using passwords:
- Passwords are a common way to protect resources in a Flex application from unauthorized access. Test the validity of the password on the server rather than in the client: the user has access to all the logic in the local SWF file, so a client-side check can be read and bypassed.
- Ensure passwords travel safely from the client to the server by enforcing SSL/TLS (HTTPS) or another secure transport-level protocol for the login request.
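Added example of the server side of the check this slide asks for; it is not code from the slides. It assumes the server stores a per-user random salt and a PBKDF2-HMAC-SHA256 hash rather than the password itself, and that the request already arrived over HTTPS. The user record, the work factor and the passwords are constructed.

```python
"""Verify a Flex login on the server: the SWF only ever sends the password over TLS."""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed work factor; raise it as far as login latency allows


def make_record(password: str, salt: bytes = None) -> dict:
    """Stored credential: random salt plus a slow salted hash, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


# Constructed user store; a real one lives in the database, never in the SWF.
USERS = {"alice": make_record("correct horse battery staple")}
# Unknown users are checked against a dummy record so that response time does
# not reveal whether an account exists.
_DUMMY = make_record(secrets.token_hex(16))


def login(username: str, password: str):
    """Return a fresh session token on success, None otherwise."""
    record = USERS.get(username, _DUMMY)
    ok = verify_password(record, password)
    if not ok or username not in USERS:
        return None
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    print("good login:", login("alice", "correct horse battery staple") is not None)
    print("bad password:", login("alice", "hunter2"))
    print("unknown user:", login("mallory", "anything"))
```

The SWF's only job is to collect the password and POST it over HTTPS; everything that decides whether the login succeeds stays in this code on the server, where the user cannot read or patch it.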


Thank You!