Re: Flash Web Application

["Samantha Fetter" <Samantha.Fetter () truevalue com>]

Another great tool is SWFScan.  It's provided by HP and requires registration, but is free.
http://www.hp.com/go/swfscan 

I was introduced to this in a class, and was told that although other tools attempt to decompile the flash code, and 
can usually do a decent job, this tool was made using the actual Flash source so can truly decompile it accurately.  
It's easy to use and pretty cool.

Cheers,
Samantha

> > > On 1/25/2010 at 8:58 PM, Zaki Akhmad <zakiakhmad () gmail com> wrote:
> Hello,
>
> I want to learn pentesting flash web application. The authentication
> also using flash. Any hint where I should start to pentest flash web
> application?
>
> Can I use webscarab to see what happen on the site?
>
> -- 
> Zaki Akhmad
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually 
> do a proper penetration test. IACRB CPT and CEPT certs require a full 
> practical examination in order to become certified. 
>
> http://www.iacertification.org 
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------