Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Rich Internet Application Security
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Jon Rose
June 18, 2010
Technology
2
97
Rich Internet Application Security
Talk at You Sh0t the Sheriff in Sao Paulo Brazil.
Jon Rose
June 18, 2010
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Agile Security
jonrose
1
180
Decoding Bug Bounty Programs
jonrose
1
530
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Dynamic App Patching
jonrose
2
92
Cloudy with a chance of 0-day
jonrose
1
76
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
210
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
150
CodeSearch0day
jonrose
1
66
Other Decks in Technology
See All in Technology
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
kworkdev
PRO
1
410
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
torumakabe
1
370
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
170
Context Engineeringの取り組み
nutslove
0
290
使いにくいの壁を突破する
sansantech
PRO
1
120
あたらしい上流工程の形。 0日導入からはじめるAI駆動PM
kumaiu
5
760
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
130
Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた
usanchuu
3
440
GitLab Duo Agent Platform × AGENTS.md で実現するSpec-Driven Development / GitLab Duo Agent Platform × AGENTS.md
n11sh1
0
120
プロポーザルに込める段取り八分
shoheimitani
1
170
生成AI時代にこそ求められるSRE / SRE for Gen AI era
ymotongpoo
5
2.7k
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
sansantech
PRO
3
1.3k
Featured
See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
280
Building the Perfect Custom Keyboard
takai
2
680
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.6k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.6k
Being A Developer After 40
akosma
91
590k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
0
270
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
The Spectacular Lies of Maps
axbom
PRO
1
520
So, you think you're a good person
axbom
PRO
2
1.9k
Transcript
Breaking)and)Securing) the)RIA)Montage) Kevin)Stadmeyer) Jon)Rose)
Who)are)we?) o Consultants)at)Trustwave’s)SpiderLabs) o Background) o Network)&)App)PentesHng) o Architecture)&)Code)Review) o SDLC)Security) ))
Outline) o Overview) o RIA)Technologies) o Security)controls) o AKack)examples) o Securing)RIA)
Rich)Internet)ApplicaHons) o DefiniHon)N)I)know)it)when)I)see)it) o Typically)provides:) o Offline)mode) o File)system,)network)access) o
Quicker)responsiveness)than)tradiHonal)web)apps) o Consistent)UI)and)features)across)browsers) o Local)data)storage) o OVen)requires)dedicated)player)/)plugin) )
RIA)Technologies) o Flash/Flex/AIR) o MS)Silverlight) o AJAX) o Java/JavaFX) o
Google)Gears)
Security)Controls) o Run)apps)outside)browser) o sandboxing)
Why)AKack)RIA) o Weak)security)controls)/)insecure)development)pracHces) o Lots)of)money)to)be)made) o Credit)Cards) o IdenHty)theV) o
Blackmail)
RIA)AKack)Sampler) o RemoHng)AuthenHcaHon)/)AuthorizaHon)errors) o DecompilaHon)/)Reverse)Engineering)clients) o Insecure)client)side)storage) o Unauthorized)access)to)filesystem)or)local)network) o
User)supplied)Inputs) o Loading)Malicious)External)Content) o Sandbox)Bridges) o Insecure)default)se]ngs) o Insecure)network)communicaHon)
RemoHng)Insecurity) o Developers)fail)to)restrict)access)to)methods:) o AuthenHcaHon)) o AuthorizaHon) o Flash)remoHng)N)servers)can)be)fingerprinted,)Method)&)Service)names)can) be)bruteNforced)
)
Client)Decompilaton)/)Reverse)Engineering) o SWF)files)(can)be)decompiled))
ClientNSide)Storage) o SensiHve)info)is)oVen)stored)insecure)on)the)client) o Target)of)aKacker)once)machine)is)compromised,)leads)to)addiHonal)compromise) or)system)access) o Can)apps)access)each)others)data?))Test)this) o Flash)Cookies:)
o Hard)to)delete) ) )
Debug)FuncHonality) o OVen)inadvertently)leV)in)producHon)code) o Expose)sensiHve)informaHon,)addiHonal)funcHonality,)administraHve)capabiliHes)
User)Supplied)Parameters) o Flash)parameters) o AcHveX)params) o Adobe)AIR)arguments)
Loading)External)Content) o Can)trick)app)into)loading)malicious)content)
Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o
Sandboxes)apps)communicaHng)
Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)
Insecure)Network)CommunicaHon) o Add)wireshark)pics)
Security)Guidance)/)Best)PracHces) o Don’t)store)senHvie)info)on)clients) o Use)GUID)to)protect)client)side)data)objects) o Enforce)SSL)connecHons) o Implement)authenHcaHon)and)authorizaHon)for)remote)server)methods)
QuesHons)&)Comments) o Contact)us:) o
[email protected]
) o
[email protected]
) o Thanks!)
jonrose
kworkdev
torumakabe
shibayu36
nutslove
sansantech
kumaiu
stahnma
usanchuu
n11sh1
shoheimitani
ymotongpoo
malarkey
morganepeng
rkendrick25
takai
keavy
aleyda
thoeni
akosma
katarinadahlin
danielanewman
axbom
![Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_14.jpg){kind=link}
![Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_15.jpg){kind=link}
![QuesHons)&)Comments) o Contact)us:) o [email protected]) o [email protected]) o Thanks!)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_18.jpg){kind=link}