|
|
|
|
|
| Posted By: |
SecurityTube_Bot
|
| Posted On: |
Mon 21 Feb 2011 |
| Views: |
4288 |
| Support SecurityTube:
|
|
|
Description: In this talk titled "FLEX, AMF 3 and BlazeDS: An Assessment", given at Blackhat USA 2008, Jacob Karlson and Kevin Stadmeyer give us a detailed view of Adobe Flex, AMF3 and BlazeDS technologies. They take us through the basics of these technologies and discuss the various security mechanisms used in them such as crossdomain.xml, Flash player sandbox, Local Shared Objects, Actionscript cookies etc. Though the talk does not demonstrate any new security vulnerabilities, it does outline the common mistakes flex programmers could make which might open up potential security holes. This also serves as a primer for various security assessment tools for flash applications such as Flash decompilers, debuggers, sniffers and proxies.
