WebApp Sec mailing list archives

Re: Flash sites

From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: Wed, 3 Sep 2003 10:05:32 -0700

A flash only web site is no more or less secure than a static HTML sitewith

the same permission as you've describe. Both sites do nothing
from a server interactivity point of view, which is where web app
vulnerability reside.

the word "safest", becomes somewhat arbitrary.




On Wednesday, September 3, 2003, at 09:14 AM, John Madden wrote:

Hello all,

If a web site contains only flash files and has no
write permissions to modify those flash files, no
default files or other potentially dangerous scripts
can we say that is the "safest" form of a web site ?

Are there any other concerns in auditing a flash based
site ?

Thanks

John

_________

Current thread:

Flash sites John Madden (Sep 03)
- Re: Flash sites Thomas Chiverton (Sep 04)
- Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Max Moser (Sep 04)
  - Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Jean-Jacques Halans (Sep 04)
- Re: Flash sites Jeremiah Grossman (Sep 04)
  - Re: Flash sites ADex (Sep 06)
- <Possible follow-ups>
- RE: Flash sites Nick Duda (Sep 03)
  - RE: Flash sites Mathew C. Beckman (Sep 04)
- RE: Flash sites Piet Carpentier (Sep 04)
- Re:Flash sites leorl (Sep 04)
- FW: Flash sites GRIFFITHS ian (Sep 05)