SecurityTube

Description: In this Blackhat 2009 talk titled "Blinded by Flash: Widespread Security Risks Flash Developers Don't See" Prajakta Jagdale describes the attack surface flash applications have based on various things developers overlook. In this presentation she talks about the basic cross domain security model between flash applets, Cross Site Scripting attacks on Flash applications, Data injection attacks, Flash malware, decompilation of Flash swf files, code and binary obfuscation and many other attack vectors which a malicious attacker could use to hack Flash applications. The talk also saw the release of the SWFScan tool which is a decompiler for Flash applications. Additionally, it can also run various code vulnerability assessments using static analysis on the decompiled flash swf code.

A high resolution video of the talk is available for download here. The presentation for the talk is available here.