SlideShare a Scribd company logo

Flash Security, OWASP Chennai

Download as PPT, PDF
L
lavakumark
TechnologyBusiness
1 of 29
Test.Security(Flash); Lavakumar K GISA, Royal Bank of Scotland Lavakumar[dot]in[at]gmail[dot]com 21 st March, 2009
About me: ,[object Object],[object Object],[object Object],[object Object],[object Object]
Imagine you are testing a web application and it has flash content. What would you do? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object]
What is Flash ,[object Object],[object Object],[object Object],[object Object]
The moment of truth ,[object Object]
Logic in Flash ,[object Object],[object Object],[object Object],[object Object],[object Object]
Flash is powerful ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Areas of focus ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
_global and _root objects ,[object Object],[object Object],[object Object],[object Object]
Example: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cross-site scripting ,[object Object],[object Object],[object Object],[object Object],[object Object]
Vulnerable functions a.k.a PDNF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Other means of Cross-site scripting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cross-site flashing (XSF) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cross Domain concerns ,[object Object],[object Object],[object Object],[object Object]
Crossdomain.xml ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How it works User is logged in to www.a.com User visits www.b.com and a SWF file is loaded www.a.com Web server Browser http://www.a.com/profile.jsp www.a.com Cookie HTTP 200 OK : profile.jsp
Crossdomain.xml ,[object Object],[object Object],[object Object],[object Object],[object Object]
Allowscript access ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What it does ,[object Object],[object Object],[object Object],[object Object],[object Object]
Localconnection ,[object Object],[object Object],[object Object],[object Object]
Security.allowDomain() ,[object Object],[object Object],[object Object],[object Object]
Sensitive data storage ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Flash decompilation with Flare ,[object Object],[object Object],[object Object],class Demo { static var app : Demo; function Demo() { var username = "administrator"; var password = "p@ssw0rd"; //--------------------------cut here -------------------------- movie 'talk.swf' { // flash 7, total frames: 1, frame rate: 20 fps, 800x600 px, compressed movieClip 20480 __Packages.Demo { #initclip if (!Demo) { _global.Demo = function () { var v2 = 'administrator'; var v3 = 'p@ssw0rd'; }; //--------------------------cut here --------------------------
Encryption in Flash ,[object Object],[object Object],[object Object],[object Object],[object Object]
Attacking the server ,[object Object],[object Object],[object Object],[object Object]
Credits, References and further reading ,[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],Thank You

Recommended

Even Faster Web Sites at jQuery Conference '09
Even Faster Web Sites at jQuery Conference '09Even Faster Web Sites at jQuery Conference '09
Even Faster Web Sites at jQuery Conference '09Steve Souders
 
Sxsw 20090314
Sxsw 20090314Sxsw 20090314
Sxsw 20090314guestcabcf63
 
Google在Web前端方面的经验
Google在Web前端方面的经验Google在Web前端方面的经验
Google在Web前端方面的经验yiditushe
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Appsguestb0af15
 
WPDay Bologna 2013
WPDay Bologna 2013WPDay Bologna 2013
WPDay Bologna 2013Danilo Ercoli
 
PHP Presentation
PHP PresentationPHP Presentation
PHP PresentationNikhil Jain
 
Fast by Default
Fast by DefaultFast by Default
Fast by DefaultAbhay Kumar
 
Widget Summit 2008
Widget Summit 2008Widget Summit 2008
Widget Summit 2008Volkan Unsal
 

Recommended

Even Faster Web Sites at jQuery Conference '09
Even Faster Web Sites at jQuery Conference '09Even Faster Web Sites at jQuery Conference '09
Even Faster Web Sites at jQuery Conference '09Steve Souders
 
Sxsw 20090314
Sxsw 20090314Sxsw 20090314
Sxsw 20090314guestcabcf63
 
Google在Web前端方面的经验
Google在Web前端方面的经验Google在Web前端方面的经验
Google在Web前端方面的经验yiditushe
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Appsguestb0af15
 
WPDay Bologna 2013
WPDay Bologna 2013WPDay Bologna 2013
WPDay Bologna 2013Danilo Ercoli
 
PHP Presentation
PHP PresentationPHP Presentation
PHP PresentationNikhil Jain
 
Fast by Default
Fast by DefaultFast by Default
Fast by DefaultAbhay Kumar
 
Widget Summit 2008
Widget Summit 2008Widget Summit 2008
Widget Summit 2008Volkan Unsal
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Projectxsist10
 
Fav
FavFav
Favhelloppt
 
Beginners PHP Tutorial
Beginners PHP TutorialBeginners PHP Tutorial
Beginners PHP Tutorialalexjones89
 
Building Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSocketsBuilding Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSocketsBen Limmer
 
Taking HTML5 video a step further
Taking HTML5 video a step furtherTaking HTML5 video a step further
Taking HTML5 video a step furtherSilvia Pfeiffer
 
JavaFX vs AJAX vs Flex
JavaFX vs AJAX vs FlexJavaFX vs AJAX vs Flex
JavaFX vs AJAX vs FlexCraig Dickson
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?brynary
 
The Basics Of Page Creation
The Basics Of Page CreationThe Basics Of Page Creation
The Basics Of Page CreationWildan Maulana
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 
Take Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLITake Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLIDiana Thompson
 
PHP Tutorials
PHP TutorialsPHP Tutorials
PHP TutorialsYuriy Krapivko
 
Php tutorial
Php tutorialPhp tutorial
Php tutorialComputer Hardware & Trouble shooting
 
Video.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video PlayerVideo.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video Playersteveheffernan
 
Build restful ap is with python and flask
Build restful ap is with python and flaskBuild restful ap is with python and flask
Build restful ap is with python and flaskJeetendra singh
 
Html5 Open Video Tutorial
Html5 Open Video TutorialHtml5 Open Video Tutorial
Html5 Open Video TutorialSilvia Pfeiffer
 
Grails and Dojo
Grails and DojoGrails and Dojo
Grails and DojoSven Haiges
 
Fighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnitFighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnitJames Fuller
 
Client-side JavaScript Vulnerabilities
Client-side JavaScript VulnerabilitiesClient-side JavaScript Vulnerabilities
Client-side JavaScript VulnerabilitiesOry Segal
 
The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014Tommie Gannert
 
Html5 examples
Html5 examplesHtml5 examples
Html5 examplesSathyaseelanK1
 
淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)Taien Wang
 
伺服器端攻擊與防禦II
伺服器端攻擊與防禦II伺服器端攻擊與防禦II
伺服器端攻擊與防禦IITaien Wang
 

More Related Content

What's hot

PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Projectxsist10
 
Beginners PHP Tutorial
Beginners PHP TutorialBeginners PHP Tutorial
Beginners PHP Tutorialalexjones89
 
Building Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSocketsBuilding Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSocketsBen Limmer
 
Taking HTML5 video a step further
Taking HTML5 video a step furtherTaking HTML5 video a step further
Taking HTML5 video a step furtherSilvia Pfeiffer
 
JavaFX vs AJAX vs Flex
JavaFX vs AJAX vs FlexJavaFX vs AJAX vs Flex
JavaFX vs AJAX vs FlexCraig Dickson
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?brynary
 
The Basics Of Page Creation
The Basics Of Page CreationThe Basics Of Page Creation
The Basics Of Page CreationWildan Maulana
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 
Take Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLITake Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLIDiana Thompson
 
Video.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video PlayerVideo.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video Playersteveheffernan
 
Build restful ap is with python and flask
Build restful ap is with python and flaskBuild restful ap is with python and flask
Build restful ap is with python and flaskJeetendra singh
 
Html5 Open Video Tutorial
Html5 Open Video TutorialHtml5 Open Video Tutorial
Html5 Open Video TutorialSilvia Pfeiffer
 
Fighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnitFighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnitJames Fuller
 
Client-side JavaScript Vulnerabilities
Client-side JavaScript VulnerabilitiesClient-side JavaScript Vulnerabilities
Client-side JavaScript VulnerabilitiesOry Segal
 
The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014Tommie Gannert
 

What's hot (20)

PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
 
Fav
FavFav
Fav
 
Beginners PHP Tutorial
Beginners PHP TutorialBeginners PHP Tutorial
Beginners PHP Tutorial
 
Building Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSocketsBuilding Realtime Apps with Ember.js and WebSockets
Building Realtime Apps with Ember.js and WebSockets
 
Taking HTML5 video a step further
Taking HTML5 video a step furtherTaking HTML5 video a step further
Taking HTML5 video a step further
 
JavaFX vs AJAX vs Flex
JavaFX vs AJAX vs FlexJavaFX vs AJAX vs Flex
JavaFX vs AJAX vs Flex
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
 
The Basics Of Page Creation
The Basics Of Page CreationThe Basics Of Page Creation
The Basics Of Page Creation
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07
 
Take Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLITake Command of WordPress With WP-CLI
Take Command of WordPress With WP-CLI
 
PHP Tutorials
PHP TutorialsPHP Tutorials
PHP Tutorials
 
Php tutorial
Php tutorialPhp tutorial
Php tutorial
 
Video.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video PlayerVideo.js - How to build and HTML5 Video Player
Video.js - How to build and HTML5 Video Player
 
Build restful ap is with python and flask
Build restful ap is with python and flaskBuild restful ap is with python and flask
Build restful ap is with python and flask
 
Html5 Open Video Tutorial
Html5 Open Video TutorialHtml5 Open Video Tutorial
Html5 Open Video Tutorial
 
Grails and Dojo
Grails and DojoGrails and Dojo
Grails and Dojo
 
Fighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnitFighting Fear-Driven-Development With PHPUnit
Fighting Fear-Driven-Development With PHPUnit
 
Client-side JavaScript Vulnerabilities
Client-side JavaScript VulnerabilitiesClient-side JavaScript Vulnerabilities
Client-side JavaScript Vulnerabilities
 
The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014The Structure of Web Code: A Case For Polymer, November 1, 2014
The Structure of Web Code: A Case For Polymer, November 1, 2014
 
Html5 examples
Html5 examplesHtml5 examples
Html5 examples
 

Viewers also liked

淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)Taien Wang
 
伺服器端攻擊與防禦II
伺服器端攻擊與防禦II伺服器端攻擊與防禦II
伺服器端攻擊與防禦IITaien Wang
 
基礎網頁程式攻擊檢驗
基礎網頁程式攻擊檢驗基礎網頁程式攻擊檢驗
基礎網頁程式攻擊檢驗Taien Wang
 
Top security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themTop security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themElad Elrom
 
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra滲透測試 Talk @ Nisra
滲透測試 Talk @ NisraOrange Tsai
 
網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享Ying-Chun Cheng
 

Viewers also liked (6)

淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)淡江大學 - ios+android+html5(javascript)
淡江大學 - ios+android+html5(javascript)
 
伺服器端攻擊與防禦II
伺服器端攻擊與防禦II伺服器端攻擊與防禦II
伺服器端攻擊與防禦II
 
基礎網頁程式攻擊檢驗
基礎網頁程式攻擊檢驗基礎網頁程式攻擊檢驗
基礎網頁程式攻擊檢驗
 
Top security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themTop security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid them
 
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra
 
網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享
 

Similar to Flash Security, OWASP Chennai

A I R Presentation Dev Camp Feb 08
A I R Presentation Dev Camp Feb 08A I R Presentation Dev Camp Feb 08
A I R Presentation Dev Camp Feb 08Abdul Qabiz
 
Ajax to the Moon
Ajax to the MoonAjax to the Moon
Ajax to the Moondavejohnson
 
SXSW: Even Faster Web Sites
SXSW: Even Faster Web SitesSXSW: Even Faster Web Sites
SXSW: Even Faster Web SitesSteve Souders
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceSaumil Shah
 
Testable client side_mvc_apps_in_javascript
Testable client side_mvc_apps_in_javascriptTestable client side_mvc_apps_in_javascript
Testable client side_mvc_apps_in_javascriptTimothy Oxley
 
Ruby & Python with Silverlight O RLY? YA RLY!
Ruby & Python with Silverlight O RLY? YA RLY!Ruby & Python with Silverlight O RLY? YA RLY!
Ruby & Python with Silverlight O RLY? YA RLY!Martha Rotter
 
Flex_rest_optimization
Flex_rest_optimizationFlex_rest_optimization
Flex_rest_optimizationKhou Suylong
 
Silver Light By Nyros Developer
Silver Light By Nyros DeveloperSilver Light By Nyros Developer
Silver Light By Nyros DeveloperNyros Technologies
 
Leveraging BlazeDS, Java, and Flex: Dynamic Data Transfer
Leveraging BlazeDS, Java, and Flex: Dynamic Data TransferLeveraging BlazeDS, Java, and Flex: Dynamic Data Transfer
Leveraging BlazeDS, Java, and Flex: Dynamic Data TransferJoseph Labrecque
 
[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Profiling PHP with Xdebug / Webgrind
Profiling PHP with Xdebug / WebgrindProfiling PHP with Xdebug / Webgrind
Profiling PHP with Xdebug / WebgrindSam Keen
 
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …goodfriday
 
Web20expo 20080425
Web20expo 20080425Web20expo 20080425
Web20expo 20080425Media Gorod
 
ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingGilbert Guerrero
 
Rey Bango - HTML5: polyfills and shims
Rey Bango - HTML5: polyfills and shimsRey Bango - HTML5: polyfills and shims
Rey Bango - HTML5: polyfills and shimsStarTech Conference
 

Similar to Flash Security, OWASP Chennai (20)

A I R Presentation Dev Camp Feb 08
A I R Presentation Dev Camp Feb 08A I R Presentation Dev Camp Feb 08
A I R Presentation Dev Camp Feb 08
 
Ajax to the Moon
Ajax to the MoonAjax to the Moon
Ajax to the Moon
 
Flash And Dom
Flash And DomFlash And Dom
Flash And Dom
 
Oscon 20080724
Oscon 20080724Oscon 20080724
Oscon 20080724
 
SXSW: Even Faster Web Sites
SXSW: Even Faster Web SitesSXSW: Even Faster Web Sites
SXSW: Even Faster Web Sites
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surface
 
Testable client side_mvc_apps_in_javascript
Testable client side_mvc_apps_in_javascriptTestable client side_mvc_apps_in_javascript
Testable client side_mvc_apps_in_javascript
 
Ruby & Python with Silverlight O RLY? YA RLY!
Ruby & Python with Silverlight O RLY? YA RLY!Ruby & Python with Silverlight O RLY? YA RLY!
Ruby & Python with Silverlight O RLY? YA RLY!
 
Flex_rest_optimization
Flex_rest_optimizationFlex_rest_optimization
Flex_rest_optimization
 
Silver Light By Nyros Developer
Silver Light By Nyros DeveloperSilver Light By Nyros Developer
Silver Light By Nyros Developer
 
A look into A-Frame
A look into A-FrameA look into A-Frame
A look into A-Frame
 
Leveraging BlazeDS, Java, and Flex: Dynamic Data Transfer
Leveraging BlazeDS, Java, and Flex: Dynamic Data TransferLeveraging BlazeDS, Java, and Flex: Dynamic Data Transfer
Leveraging BlazeDS, Java, and Flex: Dynamic Data Transfer
 
PHP Security
PHP SecurityPHP Security
PHP Security
 
[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design
 
Profiling PHP with Xdebug / Webgrind
Profiling PHP with Xdebug / WebgrindProfiling PHP with Xdebug / Webgrind
Profiling PHP with Xdebug / Webgrind
 
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …
A First Look at Windows Presentation Foundation Everywhere (WPF/E): a Cross …
 
Web20expo 20080425
Web20expo 20080425Web20expo 20080425
Web20expo 20080425
 
Google Gears
Google GearsGoogle Gears
Google Gears
 
ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: Publishing
 
Rey Bango - HTML5: polyfills and shims
Rey Bango - HTML5: polyfills and shimsRey Bango - HTML5: polyfills and shims
Rey Bango - HTML5: polyfills and shims
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Flash Security, OWASP Chennai

  • 1. Test.Security(Flash); Lavakumar K GISA, Royal Bank of Scotland Lavakumar[dot]in[at]gmail[dot]com 21 st March, 2009
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. How it works User is logged in to www.a.com User visits www.b.com and a SWF file is loaded www.a.com Web server Browser http://www.a.com/profile.jsp www.a.com Cookie HTTP 200 OK : profile.jsp
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.