Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Rich Internet Application Security
Search
Jon Rose
June 18, 2010
Technology
100
2
Share
Rich Internet Application Security
Talk at You Sh0t the Sheriff in Sao Paulo Brazil.
Jon Rose
June 18, 2010
More Decks by Jon Rose
See All by Jon Rose
Agile Security
jonrose
1
180
Decoding Bug Bounty Programs
jonrose
1
540
Builders Vs. Breakers AppSec 2012
jonrose
2
230
Dynamic App Patching
jonrose
2
96
Cloudy with a chance of 0-day
jonrose
1
86
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
210
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
150
CodeSearch0day
jonrose
1
71
Other Decks in Technology
See All in Technology
AgentCore Managed Harness を使ってみよう
yakumo
2
230
20260428_Product Management Summit_Loglass_JoeHirose
loglassjoe
3
3.7k
UIライブラリに依存しすぎないReact Native設計を目指して
grandbig
0
140
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
79k
巨大プラットフォームを進化させる「第3のROI」
recruitengineers
PRO
2
1.2k
The Journey of Box Building
tagomoris
4
3.4k
Good Enough Types: Heuristic Type Inference for Ruby
riseshia
1
310
20年前の「OSS革命」に学ぶ AI時代の生存戦略
samakada
0
480
コードや知識を組み込む / Incorporate Code and Knowledge
ks91
PRO
0
170
ハーネスエンジニアリングをやりすぎた話 ~そのハーネスは解体された~
gotalab555
5
1.8k
20260423_執筆の工夫と裏側 技術書の企画から刊行まで / From the planning to the publication of technical book
nash_efp
3
440
[最強DB講義]推薦システム | 評価編
recsyslab
PRO
0
110
Featured
See All Featured
Ruling the World: When Life Gets Gamed
codingconduct
0
210
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
810
Into the Great Unknown - MozCon
thekraken
41
2.4k
Making the Leap to Tech Lead
cromwellryan
135
9.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
AI: The stuff that nobody shows you
jnunemaker
PRO
6
580
Art, The Web, and Tiny UX
lynnandtonic
304
21k
My Coaching Mixtape
mlcsv
0
110
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.7k
Deep Space Network (abreviated)
tonyrice
0
120
Transcript
Breaking)and)Securing) the)RIA)Montage) Kevin)Stadmeyer) Jon)Rose)
Who)are)we?) o Consultants)at)Trustwave’s)SpiderLabs) o Background) o Network)&)App)PentesHng) o Architecture)&)Code)Review) o SDLC)Security) ))
Outline) o Overview) o RIA)Technologies) o Security)controls) o AKack)examples) o Securing)RIA)
Rich)Internet)ApplicaHons) o DefiniHon)N)I)know)it)when)I)see)it) o Typically)provides:) o Offline)mode) o File)system,)network)access) o
Quicker)responsiveness)than)tradiHonal)web)apps) o Consistent)UI)and)features)across)browsers) o Local)data)storage) o OVen)requires)dedicated)player)/)plugin) )
RIA)Technologies) o Flash/Flex/AIR) o MS)Silverlight) o AJAX) o Java/JavaFX) o
Google)Gears)
Security)Controls) o Run)apps)outside)browser) o sandboxing)
Why)AKack)RIA) o Weak)security)controls)/)insecure)development)pracHces) o Lots)of)money)to)be)made) o Credit)Cards) o IdenHty)theV) o
Blackmail)
RIA)AKack)Sampler) o RemoHng)AuthenHcaHon)/)AuthorizaHon)errors) o DecompilaHon)/)Reverse)Engineering)clients) o Insecure)client)side)storage) o Unauthorized)access)to)filesystem)or)local)network) o
User)supplied)Inputs) o Loading)Malicious)External)Content) o Sandbox)Bridges) o Insecure)default)se]ngs) o Insecure)network)communicaHon)
RemoHng)Insecurity) o Developers)fail)to)restrict)access)to)methods:) o AuthenHcaHon)) o AuthorizaHon) o Flash)remoHng)N)servers)can)be)fingerprinted,)Method)&)Service)names)can) be)bruteNforced)
)
Client)Decompilaton)/)Reverse)Engineering) o SWF)files)(can)be)decompiled))
ClientNSide)Storage) o SensiHve)info)is)oVen)stored)insecure)on)the)client) o Target)of)aKacker)once)machine)is)compromised,)leads)to)addiHonal)compromise) or)system)access) o Can)apps)access)each)others)data?))Test)this) o Flash)Cookies:)
o Hard)to)delete) ) )
Debug)FuncHonality) o OVen)inadvertently)leV)in)producHon)code) o Expose)sensiHve)informaHon,)addiHonal)funcHonality,)administraHve)capabiliHes)
User)Supplied)Parameters) o Flash)parameters) o AcHveX)params) o Adobe)AIR)arguments)
Loading)External)Content) o Can)trick)app)into)loading)malicious)content)
Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o
Sandboxes)apps)communicaHng)
Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)
Insecure)Network)CommunicaHon) o Add)wireshark)pics)
Security)Guidance)/)Best)PracHces) o Don’t)store)senHvie)info)on)clients) o Use)GUID)to)protect)client)side)data)objects) o Enforce)SSL)connecHons) o Implement)authenHcaHon)and)authorizaHon)for)remote)server)methods)
QuesHons)&)Comments) o Contact)us:) o
[email protected]
) o
[email protected]
) o Thanks!)
jonrose
yakumo
loglassjoe
grandbig
cybozuinsideout
recruitengineers
tagomoris
riseshia
samakada
ks91
gotalab555
nash_efp
recsyslab
codingconduct
aki_iinuma
bluesmoon
thekraken
cromwellryan
eileencodes
jnunemaker
lynnandtonic
mlcsv
addyosmani
thoeni
tonyrice
![Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_14.jpg){kind=link}
![Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_15.jpg){kind=link}
![QuesHons)&)Comments) o Contact)us:) o [email protected]) o [email protected]) o Thanks!)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_18.jpg){kind=link}