Flash Security

50 %
50 %
Information about Flash Security

Published on September 1, 2008

Author: fmavituna

Source: slideshare.net

Description

Attacking and Defending Flash Applications.

Attacking and defending Flash Applications

Flash Security I’ll talk about; RIA, Web 2.0 and Security What is Crossdomain.xml? Why does it exist? Only problem about Flash : XSS XSS and Impact of XSS Attacks Attack Surface of Flash Applications   Global Parameters   External Resources Same-origin Policy and Flash Embedding High Security Required Applications and Flash Not going to talk about these, at least not today; Server-side Flash Security Attacking users via Flash Flash Vulnerabilities

I’ll talk about;

RIA, Web 2.0 and Security

What is Crossdomain.xml? Why does it exist?

Only problem about Flash : XSS

XSS and Impact of XSS Attacks

Attack Surface of Flash Applications

  Global Parameters

  External Resources

Same-origin Policy and Flash Embedding

High Security Required Applications and Flash

Not going to talk about these, at least not today;

Server-side Flash Security

Attacking users via Flash

Flash Vulnerabilities

RIA, Web 2.0 and Security Complexity is the worst enemy of security Every new component in the browser is a new threat AJAX, Silverlight, AIR, Flash, Java, Myspace Upload ActiveX etc. All of these are potential security problems. Every new technology comes with new style of development and it takes time to have secure “best practices”.

Complexity is the worst enemy of security

Every new component in the browser is a new threat

AJAX, Silverlight, AIR, Flash, Java, Myspace Upload ActiveX etc. All of these are potential security problems.

Every new technology comes with new style of development and it takes time to have secure “best practices”.

Crossdomain.xml & Same-Origin Policy Same-Origin Policy Why Cross-domain access is a bad thing? Examples ... Cookie, XMLHTTP Requests, Javascript etc. Flash and Crossdomain.xml

Same-Origin Policy

Why Cross-domain access is a bad thing?

Examples ...

Cookie, XMLHTTP Requests, Javascript etc.

Flash and Crossdomain.xml

A Quite Naïve Crossdomain.xml File <cross-domain-policy>     <allow-access-from domain=&quot;*&quot; secure=&quot;false&quot;/> </cross-domain-policy>

<cross-domain-policy>     <allow-access-from domain=&quot;*&quot; secure=&quot;false&quot;/> </cross-domain-policy>

Demo Stealing information via Flash by exploiting Crossdomain.xml trust. http: //e xamplebank.com http://attacker.com/

Stealing information via Flash by exploiting Crossdomain.xml trust.

http: //e xamplebank.com

http://attacker.com/

XSS Tunnelling? Tunnelling HTTP tarffic through XSS channels. Allows to bypassing IP Restrictions, VPN, basic auth etc.

Tunnelling HTTP tarffic through XSS channels. Allows to bypassing IP Restrictions, VPN, basic auth etc.

Attack Surface of Flash Global Parameters Flashvars Querystring LoadVars Configuration Files Dynamically loaded Flash Animations

Global Parameters

Flashvars

Querystring

LoadVars

Configuration Files

Dynamically loaded Flash Animations

Global Parameter Modification Who are these global parameter s? _root. _global. _level0.

Who are these global parameter s?

_root.

_global.

_level0.

Flash Embedding Limit Flash file’s access by setting Allowscriptaccess attribute to “noaccess” while embedding an external Flash animation.

Limit Flash file’s access by setting Allowscriptaccess attribute to “noaccess” while embedding an external Flash animation.

getURL() getURL problems getURL( “ javascript: alert(1)” )

getURL problems

getURL( “ javascript: alert(1)” )

HTML Text Area If HTML enabled in the textareas and if the data loaded up dynamically http://example.com/XSS/riaac3.swf?_Ghtml=<img%20src=&quot;javascript:alert(1)//.jpg&quot;>

If HTML enabled in the textareas and if the data loaded up dynamically

http://example.com/XSS/riaac3.swf?_Ghtml=<img%20src=&quot;javascript:alert(1)//.jpg&quot;>

LoadClip, xml.load Are external resources secure? Hardly coded or configuration files coming from a secure place? You should check for configuration location and should not this from the user input.

Are external resources secure? Hardly coded or configuration files coming from a secure place?

You should check for configuration location and should not this from the user input.

Flash usage in highly security required systems Why it can be a problem? Increased attack surface

Why it can be a problem?

Increased attack surface

Sum it up! You should limit Flash’s JavaScript access while embedding external Flash files.

You should limit Flash’s JavaScript access while embedding external Flash files.

Sum it Up! Loaded configurations should be coming from trusted domains, Loaded external resources should be coming from trusted domains.

Loaded configurations should be coming from trusted domains,

Loaded external resources should be coming from trusted domains.

Sum it Up! When you are using Htmltext be sure that loaded data is sanitised and encoded.

When you are using Htmltext be sure that loaded data is sanitised and encoded.

References, Resources and Tools Flashsec Wiki OWASP – Finding Vulnerabilities in Flash Applications SWFIntruder Flare and similar decompiler s

Flashsec Wiki

OWASP – Finding Vulnerabilities in Flash Applications

SWFIntruder

Flare and similar decompiler s

Thanks ...

Add a comment

Related presentations

Related pages

www.flash-security.de | Das Unternehmen

Im Mittelpunkt unseres Handelns stehen Früherkennung, Prävention und Deeskalation. Wir sehen uns nicht als Fremdkörper, sondern als natürlicher ...
Read more

www.flash-security.de | Berlin

Lucie Reschke Assistentin der Geschäftsführung. Tel. +49 (0)30.322.95.21.911 Fax +49 (0)30.322.95.21.909 Email lucie.reschke@ardor-mail.de
Read more

USB Flash Security - Download - COMPUTER BILD

USB Flash Security 4.1.11.13: kostenlos, englisch, virengeprüft, schnell und sicher! Kategorie: Tuning & System, USB-Tools
Read more

Adobe - Flash Player : Settings Manager - Global Security ...

If you are a designer or developer creating applications for Flash Player, see Global security settings for content creators instead.
Read more

USB Flash Security - Download - CHIP

Die kostenlose Windows-Software "USB Flash Security" verschlüsselt die Daten auf Ihrem USB-Stick. Wenn Sie wichtige Daten auf einem USB-Stick ...
Read more

USB Flash Security Download – GIGA

USB Flash Security 4.1.10 Download bei GIGA. USB Flash Security sichert euren USB-Stick mittelos Verschlüsselung und Passwortschutz gegen unerlaubten ...
Read more

Security Bulletins and Advisories - Adobe Support

See all Adobe Flash Security Bulletins. Back to top. Adobe Flash Media Server. Brief Originally posted Last updated;
Read more

USB Flash Security - Bilder, Screenshots - COMPUTER BILD

Screenshots USB Flash Security 4.1.11.13: kostenlos, englisch, virengeprüft, schnell und sicher! Kategorie: Tuning & System, USB-Tools
Read more

USB Flash Security - Download

USB Flash Security, free and safe download. USB Flash Security 4.1.5: Protect USB drives with a password. USB sticks are pretty much ubiquitous, and there ...
Read more

Flash Player security | Adobe Developer Connection

White paper: Adobe Flash Player 10 security. Adobe (Nov 17, 2008) ... Make your Flash projects more secure by following these guidelines.
Read more