https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=RobinhoodOWASP - User contributions [en]2026-05-28T12:50:44ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Israel_2008_Conference_Ronen_Bachar&diff=38698OWASP Israel 2008 Conference Ronen Bachar2008-09-06T19:02:33Z<p>Robinhood: </p>
<hr />
<div>== Automated Crawling & Security Analysis of Flash/Flex based Web Applications == <br />
<br />
The move to web 2.0 and RIA (Rich Internet Applications) has presented new obstacles for automated web application scanners and crawlers. Specifically, the ability to automatically crawl Flash/Flex based applications and to analyze AMF traffic (proprietary Adobe binary message format) for security vulnerabilities. This presentation will discuss the following subjects - <br />
<br />
# Introduction to Flash/Flex applications <br />
# High level description of the AMF protocol and its usage <br />
# Automated Flash Testing Challenges (Crawling & Testing) <br />
# Overview of security risks in Flash/Flex applications <br />
<br />
Note: while this presentation is not product specific, it comes to show the current problems of automated security solutions, and will show the implementation that was done in IBM/Watchfire AppScan as a possible solution. We do not plan to pitch the product explicitly.<br />
<br />
== Bio == <br />
I have been working at Watchfire since 2004 . I'm a team leader for AppScan for the past 2.5 years and manage Flash Crawling project, C++ developer ( 1.5 years). SW engineer and team leader at Network Privacy ( 4 years). SW and HW developer at Elisra. I graduated Computer Science and Math from the Open University.</div>Robinhood