Re: Flash Web Application



Hi Zaki,

Please go through this. It should be a very good starting point for
flash penetration testing. A Lazy Pen Tester’s Guide to Testing Flash
Applications : http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/

Thanks!
Rudra K Sinha Roy





On Tue, Jan 26, 2010 at 8:28 AM, Zaki Akhmad <zakiakhmad@xxxxxxxxx> wrote:

Hello,

I want to learn pentesting flash web application. The authentication
also using flash. Any hint where I should start to pentest flash web
application?

Can I use webscarab to see what happen on the site?

--
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Flash Web Application
    ... Any hint where I should start to pentest flash web ... So far we've found SWFscan to be a good decompiler, but a lousy vulnerability finder, for what it's worth. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Flash Web Application
    ... Any hint where I should start to pentest flash web ... but I've had varying success ... Using wireshark to trap successful and failed authentication packets ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Flash Web Application
    ... An inline proxy like webscarab may help, but another good tools is rat ... It comes with a flash decompiler called flare. ... Can I use webscarab to see what happen on the site? ... Information Assurance Certification Review Board ...
    (Pen-Test)