Testing Flash Applications
Posted by Jhaddix in penetration testing on February 7th, 2010
SaaS Penetration Testing is a model I can’t get behind, but that doesn’t mean that the people behind the product don’t have good ideas. A few days ago this company provided a pretty decent guideline article on testing Flash applications called “A Lazy Pen Tester’s Guide to Testing Flash Applications”.
It outlines the general categories of vulns we should be looking for in Flash apps:
* Cross Site Scripting
* Malicious Data Injection
* Insufficient Authorization Restrictions
* Secure Transmission
* SWF Information Leak
* Minimum Stage Size for Anti-ClickJacking
* SWF Control Permission
* Untrusted SWF in Same Domain
* Clickjacking
* Privilege Separation
* Cross Domain Policy Audit
* Uninitialized Variable Scanning
* Remote Method Enumeration
* Business Logic Testing
I like it. Check it out.
