Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacking and defending Flash Applications. Flash Security I’ll talk about; o RIA, Web 2.0 and Security o What is Crossdomain.xml? Why does it exist?

Published byMina Hayward Modified over 10 years ago

Similar presentations

Presentation on theme: "Attacking and defending Flash Applications. Flash Security I’ll talk about; o RIA, Web 2.0 and Security o What is Crossdomain.xml? Why does it exist?"— Presentation transcript:

1 Attacking and defending Flash Applications

2 Flash Security I’ll talk about; o RIA, Web 2.0 and Security o What is Crossdomain.xml? Why does it exist? o Only problem about Flash : XSS o XSS and Impact of XSS Attacks o Attack Surface of Flash Applications  Global Parameters  External Resources o Same-origin Policy and Flash Embedding o High Security Required Applications and Flash Not going to talk about these, at least not today; o Server-side Flash Security o Attacking users via Flash o Flash Vulnerabilities

3 RIA, Web 2.0 and Security Complexity is the worst enemy of security Every new component in the browser is a new threat AJAX, Silverlight, AIR, Flash, Java, Myspace Upload ActiveX etc. All of these are potential security problems. Every new technology comes with new style of development and it takes time to have secure “best practices”.

4 Crossdomain.xml & Same-Origin Policy Same-Origin Policy o Why Cross-domain access is a bad thing?  Examples... o Cookie, XMLHTTP Requests, Javascript etc. o Flash and Crossdomain.xml

5 A Quite Naïve Crossdomain.xml File

6 Demo  Stealing information via Flash by exploiting Crossdomain.xml trust.  http://examplebank.com http://examplebank.com  http://attacker.com/ http://attacker.com/

7 XSS Tunnelling? Tunnelling HTTP tarffic through XSS channels. Allows to bypassing IP Restrictions, VPN, basic auth etc.

8 Attack Surface of Flash Global Parameters Flashvars Querystring LoadVars Configuration Files Dynamically loaded Flash Animations

9 Global Parameter Modification Who are these global parameters? _root. _global. _level0.

10 Flash Embedding Limit Flash file’s access by setting Allowscriptaccess attribute to “noaccess” while embedding an external Flash animation.

11 getURL() getURL problems getURL(“javascript:alert(1)”)

12 HTML Text Area If HTML enabled in the textareas and if the data loaded up dynamically http://example.com/XSS/riaac3.swf?_Ghtml=

13 LoadClip, xml.load Are external resources secure? Hardly coded or configuration files coming from a secure place? You should check for configuration location and should not this from the user input.

14 Flash usage in highly security required systems Why it can be a problem? Increased attack surface

15 Sum it up! You should limit Flash’s JavaScript access while embedding external Flash files.

16 Sum it Up! Loaded configurations should be coming from trusted domains, Loaded external resources should be coming from trusted domains.

17 Sum it Up! When you are using Htmltext be sure that loaded data is sanitised and encoded.

18 References, Resources and Tools Flashsec Wiki OWASP – Finding Vulnerabilities in Flash Applications SWFIntruder Flare and similar decompilers

19 Thanks...

Download ppt "Attacking and defending Flash Applications. Flash Security I’ll talk about; o RIA, Web 2.0 and Security o What is Crossdomain.xml? Why does it exist?"

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Cross-Site Scripting (XSS) Vulnerability in AJAX and Adobe Flex Applications Danielle Cauthen 04/09/2010 COMS E6125 – Web enHanced Information Management.

Cross-Site Scripting (XSS) Vulnerability in AJAX and Adobe Flex Applications Danielle Cauthen 04/09/2010 COMS E6125 – Web enHanced Information Management.
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research.

© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
Same Origin Policies Hidetake Jo.

Same Origin Policies Hidetake Jo.
© 2008 Security Compass inc. 1 Firefox Plug-ins for Application Penetration Testing Exploit-Me.

© 2008 Security Compass inc. 1 Firefox Plug-ins for Application Penetration Testing Exploit-Me.
sample chapter warning This is just sample chapter release from https://training.zdresearch.com. This sample moved out from our flash security module.

sample chapter warning This is just sample chapter release from This sample moved out from our flash security module.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.

Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Getting data into Silverlight on SharePoint Neil Iversen

Getting data into Silverlight on SharePoint Neil Iversen
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Similar presentations

Ads by Google