
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

With that knowledge in mind, Flash and ActionScript developers should do the following to protect their applications:
• Validate or sanitize user-definable input in URL parameters and flashvars intended for the SWF.
• Ensure that no redirectors reside in the domain hosting these SWFs.
• Take advantage of optional Flash and tag security attributes.
• Serve automatically generated SWFs from a numbered IP address or some domain that you don't care about having XSS on.
Input validation and sanitization is a challenge for Flash applications and server-side web applications alike. Here are some pointers to help developers:
• Reduce the number of user-definable URL parameters or flashvars in functions that load URLs or that use htmlText.
• When including user-definable parameters in functions that load URLs, check that the URLs begin with http:// or https:// and ensure that they contain no directory traversal attacks. Note that a scheme check on its own still lets the parameter point at any host an attacker chooses. Even better, prefix the user-definable parameters with your own domain, like so (directoryTraversalSafe is a validation routine you write yourself, not a built-in ActionScript function):

    loadMovie("http://www.example.com/" +
        directoryTraversalSafe(_root.someRelativeUrl));

• HTML entity encode all user-definable data before placing it in TextField and TextArea objects.

Chapter 9: Attacking Flash Applications 237
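The following is an added example, not code from the book, that implements the three checks recommended above (a directory-traversal-safe relative path joined to a fixed trusted prefix, an allow-list check for absolute http:// and https:// URLs, and HTML entity encoding for data bound for htmlText). It is written in JavaScript so it can be run as-is; ActionScript 2 shares the same core string and regular-expression syntax, so the logic ports directly. The function names, the hosting domain www.example.com and the allowed-host list are this example's own assumptions.

```javascript
// Added example (JavaScript, not the book's code). The hosting domain below is
// an assumption; replace it with the domain that actually serves your SWFs.
const TRUSTED_PREFIX = "http://www.example.com/";

// Accept only a simple relative path made of plain segments. Returns the
// cleaned path, or null if the input must be refused. Percent-decoding first
// means %2e%2e and %2f cannot slip past the checks below.
function directoryTraversalSafe(relativeUrl) {
  if (typeof relativeUrl !== "string" || relativeUrl.length === 0) return null;
  let decoded;
  try {
    decoded = decodeURIComponent(relativeUrl);
  } catch (e) {
    return null;                                   // malformed %-encoding
  }
  if (/^[a-z][a-z0-9+.-]*:/i.test(decoded)) return null;   // has a scheme
  if (decoded.startsWith("/") || decoded.includes("\\")) return null; // //host or backslash tricks
  if (/[?#]/.test(decoded)) return null;           // no query/fragment smuggling
  if (!/^[A-Za-z0-9._~\/-]+$/.test(decoded)) return null;  // strict charset
  const segments = decoded.split("/");
  if (segments.some(s => s === ".." || s === "." || s === "")) return null;
  return decoded;
}

// The chapter's "prefix with your own domain" pattern: the authority part of
// the final URL is fixed, so the user can only pick a file under it.
function buildMovieUrl(relativeUrl) {
  const safe = directoryTraversalSafe(relativeUrl);
  return safe === null ? null : TRUSTED_PREFIX + safe;
}

// For parameters that must carry a full URL: require http:// or https:// AND
// a host from an allow-list. The host pattern excludes '@', so
// "http://www.example.com@evil.com/" does not pass as www.example.com.
function isAllowedAbsoluteUrl(url, allowedHosts) {
  const m = /^https?:\/\/([^\/?#@:]+)(?::\d+)?(?:[\/?#]|$)/i.exec(url);
  if (!m) return false;
  return allowedHosts.includes(m[1].toLowerCase());
}

// Entity-encode user data before it reaches htmlText, TextField or TextArea.
function htmlEntityEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}
```

Rejecting rather than "cleaning" a bad path is deliberate: stripping `..` sequences in place can be bypassed by nesting (`....//`), while a refusal has no such failure mode. The charset check also blocks percent signs left over from double encoding.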

