Yesterday, I received a post in the Pen-Test mailing list requesting for tips/resources on penetration testing of flash applications.  While there are some tools and white papers available, I could not find many authoritative resources which wraps the entire spectrum of flash security testing of RIA applications. So here is an endeavor to detail out the steps of testing.  I will keep this post only to outline the essential steps or points.  Please feel free to recommend additional inclusion of tools and techniques.  The idea is to come up with a comprehensive paper which can be used by pen-testers to test flash based Rich Internet Applications (RIA).
When a website (E.g. example.com) makes requests to another site (E.g. myonlinebank.com), it can potentially cause harmful effects (This is called Cross-Site Request Forgery). The problem with this kind of attack is that it often goes undetected, but leaves the user with the aftermath. CsFire protects you against this kind of attacks, by rendering these requests harmless. This is done by removing authentication information (cookies and authentication headers).
Chris Evans on using HTML forms to create cross-domain XML payloads. Some restrictions apply.
Intranets are intended to be secured from the outside by way of firewalls and other networking devices. Unfortunately, there has been a move towards non-routable address space as a method of protection, rather than other methods of protecting private IP space. This paper will outline a number of flaws that can be exploited by an adversary because of the use of well known non-routable IP address spaces.
Proposals for modifications to OAuth so that I will work better outside of the web browser.
The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser.
Wiki on Flash Security (maintained by fukami)
Wiki on Flash Security (maintained by fukami)
