Dailydave mailing list archives

Mike Bailey's Flash presentation is good.


From: dave <dave () immunityinc com>
Date: Tue, 09 Mar 2010 11:08:20 -0500

People in the web application security space are often more into
"scanners" than people finding memory corruption bugs. I'm not sure what
the root cause is there - perhaps the set of bug classes that are
useful in web applications includes an abnormally large number of
automatable possibilities? Perhaps it's just a sign of the immaturity of
the field in general.

But web application hacking can be as complex as a CLOUDBURST style
memory corruption bug. For example, Mike Bailey's BH DC 2010
presentation has a 20-step ownage of gmail which is particularly good.

http://www.blackhat.com/presentations/bh-dc-10/Bailey_Mike/BlackHat-DC-2010-Bailey-Neat-New-Ridiculous-flash-hacks-slides.pdf

The fun stuff usually happens at the intersection of assumptions.

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

