25C3 - 1.4.2.3

25th Chaos Communication Congress
Nothing to hide

Speakers
Stefano Di Paola
kuza55
Schedule
Day: Day 2 (2008-12-28)
Room: Saal 1
Start time: 14:00
Duration: 01:00
Info
ID: 2893
Event type: lecture
Track: Hacking
Language used for presentation: en

Attacking Rich Internet Applications

Not your mother's XSS bugs

This presentation will examine the largely underresearched topic of rich internet application (RIA) security in the hopes of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications.

In recent years, rich internet applications (RIAs) have become the mainstay of large internet applications and are becoming increasingly attractive to the industry due to their similarity to desktop applications. Furthermore, their use of existing web technologies such as HTTP, HTML/XML and JavaScript/ActionScript makes them attractive options to companies with existing web developers.

Unfortunately, the use of existing technologies brings with it the burden of existing ways to write vulnerable code, and adds yet more ways. This presentation will examine the largely underresearched topic of RIA security in the hopes of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications.