I received, via the webappsec mailing list, an excellent presentation from Stefano Di Paola, of OWASP Italy, on Testing Flash Applications that I thought I would share:
During the 6th OWASP AppSec Conference in Italy, I presented a research about testing for security vulnerabilities in Flash applications.
Abstract:
My work describes several security flaws in Flash Applications and bad habits in ActionScript coding, by analysing real world swf applications flaws and potential vulnerabilities that could lead to client side attacks. A new kind of attack called Cross Site Flashing is also explained.
Blog Entry:
http://www.wisec.it/sectou.php?id=464dd35c8c5ad
Pdf Version:
http://www.wisec.it/docs.php?id=5
Swf Version:
http://www.wisec.it/docs.php?id=6 – Don’t worry…it’s safe.
It’s quite in depth and is worth a read by anyone who anticipates Flash applications to turn up in their auditing or testing.