Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Rich Internet Application Security
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Jon Rose
June 18, 2010
Technology
2
97
Rich Internet Application Security
Talk at You Sh0t the Sheriff in Sao Paulo Brazil.
Jon Rose
June 18, 2010
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Agile Security
jonrose
1
180
Decoding Bug Bounty Programs
jonrose
1
530
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Dynamic App Patching
jonrose
2
92
Cloudy with a chance of 0-day
jonrose
1
76
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
210
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
150
CodeSearch0day
jonrose
1
66
Other Decks in Technology
See All in Technology
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
1
380
What happened to RubyGems and what can we learn?
mikemcquaid
0
200
今日から始める Amazon Bedrock AgentCore
har1101
4
320
日本語テキストと音楽の対照学習の技術とその応用
lycorptech_jp
PRO
1
400
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
130
AIとともに歩む情報セキュリティ / Information Security with AI
kanny
4
3.1k
GCASアップデート(202510-202601)
techniczna
0
240
SMTP完全に理解した ✉️
yamatai1212
0
180
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
bbqallstars
4
1.4k
Vitest Highlights in Angular
rainerhahnekamp
0
130
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
120
Featured
See All Featured
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
0
3.4k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
170
Automating Front-end Workflow
addyosmani
1371
200k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
630
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.6k
SEO for Brand Visibility & Recognition
aleyda
0
4.2k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
54
How to Ace a Technical Interview
jacobian
281
24k
Navigating Weather and Climate Data
rabernat
0
89
Skip the Path - Find Your Career Trail
mkilby
0
52
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
The Cult of Friendly URLs
andyhume
79
6.8k
Transcript
Breaking)and)Securing) the)RIA)Montage) Kevin)Stadmeyer) Jon)Rose)
Who)are)we?) o Consultants)at)Trustwave’s)SpiderLabs) o Background) o Network)&)App)PentesHng) o Architecture)&)Code)Review) o SDLC)Security) ))
Outline) o Overview) o RIA)Technologies) o Security)controls) o AKack)examples) o Securing)RIA)
Rich)Internet)ApplicaHons) o DefiniHon)N)I)know)it)when)I)see)it) o Typically)provides:) o Offline)mode) o File)system,)network)access) o
Quicker)responsiveness)than)tradiHonal)web)apps) o Consistent)UI)and)features)across)browsers) o Local)data)storage) o OVen)requires)dedicated)player)/)plugin) )
RIA)Technologies) o Flash/Flex/AIR) o MS)Silverlight) o AJAX) o Java/JavaFX) o
Google)Gears)
Security)Controls) o Run)apps)outside)browser) o sandboxing)
Why)AKack)RIA) o Weak)security)controls)/)insecure)development)pracHces) o Lots)of)money)to)be)made) o Credit)Cards) o IdenHty)theV) o
Blackmail)
RIA)AKack)Sampler) o RemoHng)AuthenHcaHon)/)AuthorizaHon)errors) o DecompilaHon)/)Reverse)Engineering)clients) o Insecure)client)side)storage) o Unauthorized)access)to)filesystem)or)local)network) o
User)supplied)Inputs) o Loading)Malicious)External)Content) o Sandbox)Bridges) o Insecure)default)se]ngs) o Insecure)network)communicaHon)
RemoHng)Insecurity) o Developers)fail)to)restrict)access)to)methods:) o AuthenHcaHon)) o AuthorizaHon) o Flash)remoHng)N)servers)can)be)fingerprinted,)Method)&)Service)names)can) be)bruteNforced)
)
Client)Decompilaton)/)Reverse)Engineering) o SWF)files)(can)be)decompiled))
ClientNSide)Storage) o SensiHve)info)is)oVen)stored)insecure)on)the)client) o Target)of)aKacker)once)machine)is)compromised,)leads)to)addiHonal)compromise) or)system)access) o Can)apps)access)each)others)data?))Test)this) o Flash)Cookies:)
o Hard)to)delete) ) )
Debug)FuncHonality) o OVen)inadvertently)leV)in)producHon)code) o Expose)sensiHve)informaHon,)addiHonal)funcHonality,)administraHve)capabiliHes)
User)Supplied)Parameters) o Flash)parameters) o AcHveX)params) o Adobe)AIR)arguments)
Loading)External)Content) o Can)trick)app)into)loading)malicious)content)
Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o
Sandboxes)apps)communicaHng)
Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)
Insecure)Network)CommunicaHon) o Add)wireshark)pics)
Security)Guidance)/)Best)PracHces) o Don’t)store)senHvie)info)on)clients) o Use)GUID)to)protect)client)side)data)objects) o Enforce)SSL)connecHons) o Implement)authenHcaHon)and)authorizaHon)for)remote)server)methods)
QuesHons)&)Comments) o Contact)us:) o
[email protected]
) o
[email protected]
) o Thanks!)
jonrose
hiroyaonoe
mikemcquaid
har1101
lycorptech_jp
masakiokuda
kanny
techniczna
yamatai1212
bbqallstars
rainerhahnekamp
sansan33
shift_evolve
katarinadahlin
techseoconnect
addyosmani
joshbly
aleyda
akademiya2063
jacobian
rabernat
mkilby
destraynor
andyhume
![Breaking)Sandbox)Bridges) o Transfering)data)between)sandboxes) o Objects)available)from)mulHple)sandboxes) o Pass)data)by)value) o Simliar)to)ajax)devs)ge]ng)past)same)origin) o](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_14.jpg){kind=link}
![Insecure)Default)Se]ngs) o AIR)installer)prompt) o Check)self)signed)code)for)various)tech..)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_15.jpg){kind=link}
![QuesHons)&)Comments) o Contact)us:) o [email protected]) o [email protected]) o Thanks!)](https://files.speakerdeck.com/presentations/509042447536e5000200e3c4/slide_18.jpg){kind=link}