The security of Rich Internet Applications (RIA), especially those
based on Adobe Flash, has become a subject of much concern. Numerous
tools for decompiling, disassembling and analysis are available,
although most of them are not intended to be used for security-related
analysis. The recent attacks supplying malicious banner ads through
high-profile web sites are an example of how easy it is to reach a large
number of targets with relatively primitive techniques such as
redirects from within a Flash banner. This talk is focussed on
possible attacks with Flash and detection of malicious SWF on-the-fly,
mainly using erlswf, a tool written in the Erlang programming language.
Speaker
fukami works for the Cologne-based web security company
SektionEins and runs a project called FlashSec, which is dedicated to
Adobe Flash security. BeF is an enthusiastic open source developer,
member of the eventphone phone operation center, ham radio operator
and Erlang programmer.