Main Page

From FlashSec

Jump to: navigation, search


[edit] About FlashSec

This wiki is mainly dedicated to Adobe Flash/Flex/AIR and ActionScript security. Here you can find an overview over articles, tools and howtos regarding these topics. The final goal is to develop references, documentation, testing methodologies and tools for auditing.

The main reason for starting a Flash Security Wiki was the lack of summarizing documentation regarding security related work with Flash et. al. There are quite some excellent resources such as OSFlash for documenting RIA development with Flash, but most of them aren't focussing on security at all.

Stefano di Paola maintains another project which deals with Flash security: the OWASP Flash Security Project. This project also aims to produce guidelines and tools around Flash Security. The first tool specifically developed for runtime analyzing and security testing of Flash applications called SWFIntruder can be found there.

In the future maybe other RIA related informations will be included (such as JavaFX, Silverlight or Real).

[edit] What to find here

At the moment you will mainly find a Glossary which try to give short explanations of acronyms and words used in this wiki. There is also an overview over Articles and Advisories regarding Flash security, Data and Message Formats used, Software such as server, proxies, decompiler, developer tools, plugins, IDEs, loggers etc. and an overview over official and non-official specifications.

[edit] Notes

If you think you have something related to contribute or like to help otherwise please feel free to make an account and start editing. It's a wiki :)

Most information about software and protocols has been taken from Wikipedia, OSFlash or vendor sites.

[edit] Contact

In case you need to contact the Flash Security Project please feel free to write a mail to There is also a channel #flashsec at Freenode IRC network.