Attacking and defending Flash Applications

  • Flash Security

    1. Attacking and defending Flash Applications
    2. Flash Security
         • I’ll talk about:
             • RIA, Web 2.0 and Security
             • What is Crossdomain.xml? Why does it exist?
             • Only problem about Flash: XSS
             • XSS and Impact of XSS Attacks
             • Attack Surface of Flash Applications
                 • Global Parameters
                 • External Resources
             • Same-origin Policy and Flash Embedding
             • High Security Required Applications and Flash
         • Not going to talk about these, at least not today:
             • Server-side Flash Security
             • Attacking users via Flash
             • Flash Vulnerabilities
    3. RIA, Web 2.0 and Security
         • Complexity is the worst enemy of security
         • Every new component in the browser is a new threat
         • AJAX, Silverlight, AIR, Flash, Java, Myspace Upload ActiveX etc. All of these are potential security problems.
         • Every new technology comes with a new style of development and it takes time to have secure “best practices”.
    4. Crossdomain.xml & Same-Origin Policy
         • Same-Origin Policy
             • Why is cross-domain access a bad thing?
                 • Examples ...
             • Cookie, XMLHTTP Requests, JavaScript etc.
             • Flash and Crossdomain.xml
    5. A Quite Naïve Crossdomain.xml File
         <cross-domain-policy>
             <allow-access-from domain="*" secure="false"/>
         </cross-domain-policy>
    6. Demo
         • Stealing information via Flash by exploiting Crossdomain.xml trust.
         • http://examplebank.com
         • http://attacker.com/
    7. XSS Tunnelling?
         • Tunnelling HTTP traffic through XSS channels. Allows bypassing IP restrictions, VPN, basic auth etc.
    8. Attack Surface of Flash
         • Global Parameters
         • Flashvars
         • Querystring
         • LoadVars
         • Configuration Files
         • Dynamically loaded Flash Animations
    9. Global Parameter Modification
         • What are these global parameters?
             • _root.
             • _global.
             • _level0.
    10. Flash Embedding
         • Limit the Flash file’s access by setting the Allowscriptaccess attribute to “noaccess” while embedding an external Flash animation.
    11. getURL()
         • getURL problems
         • getURL("javascript:alert(1)")
    12. HTML Text Area
         • If HTML is enabled in the text areas and the data is loaded dynamically
         • http://example.com/XSS/riaac3.swf?_Ghtml=<img%20src="javascript:alert(1)//.jpg">
    13. LoadClip, xml.load
         • Are external resources secure? Hard-coded, or configuration files coming from a secure place?
         • You should check the configuration location and should not take it from user input.
    14. Flash usage in highly security required systems
         • Why can it be a problem?
         • Increased attack surface
    15. Sum it up!
         • You should limit Flash’s JavaScript access while embedding external Flash files.
    16. Sum it Up!
         • Loaded configurations should be coming from trusted domains,
         • Loaded external resources should be coming from trusted domains.
    17. Sum it Up!
         • When you are using Htmltext be sure that loaded data is sanitised and encoded.
    18. References, Resources and Tools
         • Flashsec Wiki
         • OWASP – Finding Vulnerabilities in Flash Applications
         • SWFIntruder
         • Flare and similar decompilers
    19. Thanks ...
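
Added example (not part of the original slides): a small auditor for the kind of policy file shown on slide 5. It flags the wildcard domain and secure="false", and runs the same checks over a restricted policy for comparison. The host static.examplebank.com, the severity labels and the trusted allowlist parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the wildcard policy from slide 5 and a restricted variant.
# static.examplebank.com is a hypothetical host, not taken from the slides.
NAIVE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

RESTRICTED_POLICY = """<cross-domain-policy>
  <allow-access-from domain="static.examplebank.com" secure="true"/>
</cross-domain-policy>"""


def audit_policy(xml_text, trusted=()):
    """Return (severity, message) findings for the body of a crossdomain.xml."""
    # The policy is remote input: refuse entity declarations before parsing.
    if "<!ENTITY" in xml_text.upper():
        return [("error", "entity declarations are not expected in a policy file")]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("error", f"policy is not well-formed XML: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]

    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip().lower()
        # Flash Player treats a missing secure attribute as secure="true".
        secure = rule.get("secure", "true").strip().lower()
        if domain == "*":
            findings.append(("high", 'domain="*": a SWF hosted on any site may '
                             "read responses with the visitor's cookies"))
        elif domain.startswith("*."):
            findings.append(("medium", f"{domain}: every subdomain is trusted"))
        elif domain not in trusted:
            findings.append(("low", f"{domain}: not on the reviewed allowlist"))
        if secure == "false":
            findings.append(("medium", f'secure="false" for {domain}: SWFs served '
                             "over HTTP may read HTTPS content"))
    return findings


if __name__ == "__main__":
    for name, body in (("naive", NAIVE_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_policy(body, trusted={"static.examplebank.com"}))
```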