Flash Security

Due ricercatori IBM "gave a presentation on the subject of Flash security, and revealed the details of a new Flash related attack vector called Flash Parameter Injection (FPI)."

Dicono anche che "It appears that the world of Flash & Flex web application security is still in its infancy"

http://blog.watchfire.com/wfblog/2008/10/flash-parameter.html

Qui forniscono "a high level overview of Flash, Flex and the AMF protocol, and dives into some gory details regarding the challenges and possible approaches for performing automated crawling and security testing of web applications that were built using these technologies."

http://blog.watchfire.com/wfblog/2008/09/automated-crawl.html

Giorgio, Eric: io non ho approfondito, ma potrebbe essere molto interessante nei periodi brevissimo, breve e anche medio.