This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP Flash Security Project

From OWASP
Revision as of 00:41, 5 February 2008 by Puhley (talk | contribs) (Articles)

Jump to: navigation, search

Overview

OWASP Flash Security Project is an open project for sharing a knowledge base in order to raise awareness around the subject of Flash applications security.

Goals

The OWASP Flash Security Project aims is to produce guidelines and tools around Flash Security

Tools

Flash security testing SWFIntruder

Third-party Libraries

AS3Crypto - An ActionScript 3.0 cryptography library.

as3corelib - An Adobe sponsored Google Code project that contains ActionScript 3.0 implementations of WS-Security, SHA, MD5 and other utilities.

flash-validators - An Adobe sponsored Google Code project that contains ActionScript 2.0 and ActionScript 3.0 data validation libraries.

White Papers

[1] Testing Flash Applications ppt, Stefano Di Paola, Owasp Appsec 2007, 17th May 2007, Milan (Italy).

[2] Finding Vulnerabilities in Flash Applications ppt, Stefano Di Paola, Owasp Appsec 2007, 15th November 2007, San Jose CA (USA)

Articles

[1] Creating more secure SWF web applications Adobe Developer Center article on secure ActionScript programming practices.

[2] Security Changes in Flash Player 9 This Adobe Developer Center article describes the important changes that need to be made to existing crossdomain.xml and socket policy files. All websites that use cross-domain or socket policy files will need to implement these changes in order to be compatible with Adobe's new format. After the implementation of Phase II, Adobe will no longer support the old format.

References

Adobe Flash Player Developer Center Security section

Project Contributors

The Flash Security project is run by Stefano Di Paola. He can be contacted at stefano.dipaola AT mindedsecurity.com.

Project Sponsors

The Flash Security project is sponsored by MindedLogo.PNG

This category currently contains no pages or media.