Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Rich Internet Application Security
Search
Jon Rose
June 18, 2010
Technology
2
96
Rich Internet Application Security
Talk at You Sh0t the Sheriff in Sao Paulo Brazil.
Jon Rose
June 18, 2010
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Agile Security
jonrose
1
180
Decoding Bug Bounty Programs
jonrose
1
530
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Dynamic App Patching
jonrose
2
88
Cloudy with a chance of 0-day
jonrose
1
76
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
210
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
150
CodeSearch0day
jonrose
1
65
Other Decks in Technology
See All in Technology
クラウドセキュリティの進化 — AWSの20年を振り返る
kei4eva4
0
150
ドメイン駆動セキュリティへの道しるべ
pandayumi
0
160
「全社導入」は結果。1人の熱狂が組織に伝播したmikanのn8n活用
sota_mikami
0
260
AWS Network Firewall Proxyで脱Squid運用⁈
nnydtmg
1
140
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3.7k
ALB「証明書上限問題」からの脱却
nishiokashinji
0
240
Riverpod3.xで実現する実践的UI実装
fumiyasac0921
1
140
The Engineer with a Three-Year Cycle
e99h2121
0
160
Behind the Stream - How AbemaTV Engineers Build Video Apps at Scale
ygoto3
0
120
Proxmoxで作る自宅クラウド入門
koinunopochi
0
170
サラリーマンソフトウェアエンジニアのキャリア
yuheinakasaka
42
20k
それぞれのペースでやっていく Bet AI / Bet AI at Your Own Pace
yuyatakeyama
1
350
Featured
See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.4k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
260
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
290
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
115
100k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Chasing Engaging Ingredients in Design
codingconduct
0
97
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
82
Statistics for Hackers
jakevdp
799
230k
Leo the Paperboy
mayatellez
4
1.3k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
890
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
110
Transcript
Breaking)and)Securing) the)RIA)Montage) Kevin)Stadmeyer) Jon)Rose)
Who)are)we?) o Consultants)at)Trustwave’s)SpiderLabs) o Background) o Network)&)App)PentesHng) o Architecture)&)Code)Review) o SDLC)Security) ))
Outline) o Overview) o RIA)Technologies) o Security)controls) o AKack)examples) o Securing)RIA)
Rich)Internet)ApplicaHons) o DefiniHon)N)I)know)it)when)I)see)it) o Typically)provides:) o Offline)mode) o File)system,)network)access) o
Quicker)responsiveness)than)tradiHonal)web)apps) o Consistent)UI)and)features)across)browsers) o Local)data)storage) o OVen)requires)dedicated)player)/)plugin) )
RIA)Technologies) o Flash/Flex/AIR) o MS)Silverlight) o AJAX) o Java/JavaFX) o
Google)Gears)
Security)Controls) o Run)apps)outside)browser) o sandboxing)
Why)AKack)RIA) o Weak)security)controls)/)insecure)development)pracHces) o Lots)of)money)to)be)made) o Credit)Cards) o IdenHty)theV) o
Blackmail)
RIA)AKack)Sampler) o RemoHng)AuthenHcaHon)/)AuthorizaHon)errors) o DecompilaHon)/)Reverse)Engineering)clients) o Insecure)client)side)storage) o Unauthorized)access)to)filesystem)or)local)network) o
User)supplied)Inputs) o Loading)Malicious)External)Content) o Sandbox)Bridges) o Insecure)default)se]ngs) o Insecure)network)communicaHon)
RemoHng)Insecurity) o Developers)fail)to)restrict)access)to)methods:) o AuthenHcaHon)) o AuthorizaHon) o Flash)remoHng)N)servers)can)be)fingerprinted,)Method)&)Service)names)can) be)bruteNforced)
)
Client)Decompilaton)/)Reverse)Engineering) o SWF)files)(can)be)decompiled))
ClientNSide)Storage) o SensiHve)info)is)oVen)stored)insecure)on)the)client) o Target)of)aKacker)once)machine)is)compromised,)leads)to)addiHonal)compromise) or)system)access) o Can)apps)access)each)others)data?))Test)this) o Flash)Cookies:)
o Hard)to)delete) ) )
Debug)FuncHonality) o OVen)inadvertently)leV)in)producHon)code) o Expose)sensiHve)informaHon,)addiHonal)funcHonality,)administraHve)capabiliHes)
User)Supplied)Parameters) o Flash)parameters) o AcHveX)params) o Adobe)AIR)arguments)
Loading)External)Content) o Can)trick)app)into)loading)malicious)content)
Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o
Sandboxes)apps)communicaHng)
Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)
Insecure)Network)CommunicaHon) o Add)wireshark)pics)
Security)Guidance)/)Best)PracHces) o Don’t)store)senHvie)info)on)clients) o Use)GUID)to)protect)client)side)data)objects) o Enforce)SSL)connecHons) o Implement)authenHcaHon)and)authorizaHon)for)remote)server)methods)
QuesHons)&)Comments) o Contact)us:) o
[email protected]
) o
[email protected]
) o Thanks!)
jonrose
kei4eva4
pandayumi
sota_mikami
nnydtmg
sansan33
nishiokashinji
fumiyasac0921
e99h2121
ygoto3
.jpeg){kind=avatar}
koinunopochi
yuheinakasaka
yuyatakeyama
tammyeverts
portentint
reverentgeek
twada
jlugia
codingconduct
danielanewman
tmiket
jakevdp
mayatellez
tamaranovitovic
sarafernandez
![Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_14.jpg){kind=link}
![Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_15.jpg){kind=link}
![QuesHons)&)Comments) o Contact)us:) o [email protected]) o [email protected]) o Thanks!)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_18.jpg){kind=link}