Description: In this talk titled "FLEX, AMF 3 and BlazeDS: An Assessment", given at Blackhat USA 2008, Jacob Karlson and Kevin Stadmeyer give us a detailed view of Adobe Flex, AMF3 and BlazeDS technologies. They take us through the basics of these technologies and discuss the various security mechanisms used in them such as crossdomain.xml, Flash player sandbox, Local Shared Objects, Actionscript cookies etc. Though the talk does not demonstrate any new security vulnerabilities, it does outline the common mistakes flex programmers could make which might open up potential security holes. This also serves as a primer for various security assessment tools for flash applications such as Flash decompilers, debuggers, sniffers and proxies.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.