File:20140820-Flash Security by Arcus Security.pdf

(Client-Side) Flash Security by Stefan Horlacher Flash has always been infamous for its security issues. Most of the time we hear about memory corruption vulnerabilities like buffer overflows and how clients are attacked. As such attacks are widely known, this presentation will focus on the less known vulnerabilities that might arise through the use of Flash. This presentation is going to show concepts such as client settings, cross-domain policies and how Flash files may be embedded in your web site in a secure way. Furthermore, common vulnerabilities found in Flash applications will be presented (e.g.: Cross-Site Flashing, redirection attacks and others). Some of these vulnerabilities will be demonstrated in a live demo.