Yesterday, I received a post in the Pen-Test mailing list requesting for tips/resources on penetration testing of flash applications.  While there are some tools and white papers available, I could not find many authoritative resources which wraps the entire spectrum of flash security testing of RIA applications. So here is an endeavor to detail out the steps of testing.  I will keep this post only to outline the essential steps or points.  Please feel free to recommend additional inclusion of tools and techniques.  The idea is to come up with a comprehensive paper which can be used by pen-testers to test flash based Rich Internet Applications (RIA).
Intranets are intended to be secured from the outside by way of firewalls and other networking devices. Unfortunately, there has been a move towards non-routable address space as a method of protection, rather than other methods of protecting private IP space. This paper will outline a number of flaws that can be exploited by an adversary because of the use of well known non-routable IP address spaces.
Wiki on Flash Security (maintained by fukami)
Wiki on Flash Security (maintained by fukami)