Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Rich Internet Application Security
Search
Jon Rose
June 18, 2010
Technology
2
94
Rich Internet Application Security
Talk at You Sh0t the Sheriff in Sao Paulo Brazil.
Jon Rose
June 18, 2010
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Agile Security
jonrose
1
170
Decoding Bug Bounty Programs
jonrose
1
520
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Dynamic App Patching
jonrose
2
69
Cloudy with a chance of 0-day
jonrose
1
74
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
200
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
140
CodeSearch0day
jonrose
1
64
Other Decks in Technology
See All in Technology
MCP ✖️ Apps SDKを触ってみた
hisuzuya
0
330
Introdução a Service Mesh usando o Istio
aeciopires
1
280
個人でデジタル庁の デザインシステムをVue.jsで 作っている話
nishiharatsubasa
3
4.8k
知覚とデザイン
rinchoku
1
480
頭部ふわふわ浄酔器
uyupun
0
110
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
tanishiking
0
170
Introduction to Bill One Development Engineer
sansan33
PRO
0
300
会社を支える Pythonという言語戦略 ~なぜPythonを主要言語にしているのか?~
curekoshimizu
3
630
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
180
様々なファイルシステム
sat
PRO
0
230
AIプロダクトのプロンプト実践テクニック / Practical Techniques for AI Product Prompts
saka2jp
0
100
事業開発におけるDify活用事例
kentarofujii
5
1.4k
Featured
See All Featured
Producing Creativity
orderedlist
PRO
347
40k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
37
2.6k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Raft: Consensus for Rubyists
vanstee
140
7.2k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Facilitating Awesome Meetings
lara
57
6.6k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
30
2.9k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
630
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
What's in a price? How to price your products and services
michaelherold
246
12k
Transcript
Breaking)and)Securing) the)RIA)Montage) Kevin)Stadmeyer) Jon)Rose)
Who)are)we?) o Consultants)at)Trustwave’s)SpiderLabs) o Background) o Network)&)App)PentesHng) o Architecture)&)Code)Review) o SDLC)Security) ))
Outline) o Overview) o RIA)Technologies) o Security)controls) o AKack)examples) o Securing)RIA)
Rich)Internet)ApplicaHons) o DefiniHon)N)I)know)it)when)I)see)it) o Typically)provides:) o Offline)mode) o File)system,)network)access) o
Quicker)responsiveness)than)tradiHonal)web)apps) o Consistent)UI)and)features)across)browsers) o Local)data)storage) o OVen)requires)dedicated)player)/)plugin) )
RIA)Technologies) o Flash/Flex/AIR) o MS)Silverlight) o AJAX) o Java/JavaFX) o
Google)Gears)
Security)Controls) o Run)apps)outside)browser) o sandboxing)
Why)AKack)RIA) o Weak)security)controls)/)insecure)development)pracHces) o Lots)of)money)to)be)made) o Credit)Cards) o IdenHty)theV) o
Blackmail)
RIA)AKack)Sampler) o RemoHng)AuthenHcaHon)/)AuthorizaHon)errors) o DecompilaHon)/)Reverse)Engineering)clients) o Insecure)client)side)storage) o Unauthorized)access)to)filesystem)or)local)network) o
User)supplied)Inputs) o Loading)Malicious)External)Content) o Sandbox)Bridges) o Insecure)default)se]ngs) o Insecure)network)communicaHon)
RemoHng)Insecurity) o Developers)fail)to)restrict)access)to)methods:) o AuthenHcaHon)) o AuthorizaHon) o Flash)remoHng)N)servers)can)be)fingerprinted,)Method)&)Service)names)can) be)bruteNforced)
)
Client)Decompilaton)/)Reverse)Engineering) o SWF)files)(can)be)decompiled))
ClientNSide)Storage) o SensiHve)info)is)oVen)stored)insecure)on)the)client) o Target)of)aKacker)once)machine)is)compromised,)leads)to)addiHonal)compromise) or)system)access) o Can)apps)access)each)others)data?))Test)this) o Flash)Cookies:)
o Hard)to)delete) ) )
Debug)FuncHonality) o OVen)inadvertently)leV)in)producHon)code) o Expose)sensiHve)informaHon,)addiHonal)funcHonality,)administraHve)capabiliHes)
User)Supplied)Parameters) o Flash)parameters) o AcHveX)params) o Adobe)AIR)arguments)
Loading)External)Content) o Can)trick)app)into)loading)malicious)content)
Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o
Sandboxes)apps)communicaHng)
Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)
Insecure)Network)CommunicaHon) o Add)wireshark)pics)
Security)Guidance)/)Best)PracHces) o Don’t)store)senHvie)info)on)clients) o Use)GUID)to)protect)client)side)data)objects) o Enforce)SSL)connecHons) o Implement)authenHcaHon)and)authorizaHon)for)remote)server)methods)
QuesHons)&)Comments) o Contact)us:) o
[email protected]
) o
[email protected]
) o Thanks!)