0 applications are being used with Win32 clients.
The next chapter in this section is about Flash security. Like ActiveX, Flash has been
around for awhile, but is used more now on the web than ever before. Web sites such as
YouTube.com have shown how Flash can be used to do more than simply show a cool
web design created by graphic arts majors. Flash has shown that web applications can be
used to display rich content rather than static text in a very easy way. Sites ranging from
YouTube.com to online advertisers have jumped on the bandwagon. As always, when
using rich dynamic content, the security challenges often get more complex and cumbersome.
This chapter shows some of the basics of the Flash security model. Part IV of the
book concludes with a case study on the security changes of Internet Explorer 7. This
case study is a fitting end to the book, as browser security has shown to have a significant
impact on web applications. The lack of a browser security model has proven to
enable common attacks against web applications as well as allow phishers/scanners to
exploit trust assumptions built in to IE and Firefox. Mark Andreessen and the rest of the
Netscape crew had many challenges in 1993, so we can forgive how browser security
decisions made in 1993 still affect us years later.
Pages:
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58