If you're an Adobe Flash or Flex developer looking to build secure, hard-to-break solutions, this WebiTalk is a must!
App developers, game developers, website developers: don't miss the opportunity to learn how to build secure Flash & Flex applications and deliver a secure experience for your customers.
23. So, how to protect your data? Use binary data instead of text/XML; hash your data (MD5, SHA1); use sessions; use secure channel (SSL/RTMPE); time changing password; use common logic.
24. Secured loading (client/server diagram). Step 1 - Download only frame application; Step 2 - Open encrypted channel (SSL); Step 3 - Download main app; Step 4 - Decrypt SWF data and load SWF (SWFLoader).
25. Memory protection. You don’t know where your SWF will be used. There are many memory viewers (like Cheat Engine, http://www.cheatengine.org/).
27. So, how to protect memory? Scramble important data (random); use checksum on data; don’t count on garbage collection.
28. Why use attack server? Cause DOS; damage remote site database; multiple registrations; login to accounts; many more.
29. Passwords protection. Encourage the user to use a complex password; don’t use trivial combinations; hash the password (MD5); IPtoLocation filter; use smart captcha.
33. Passwords (3) Trivial passwords will be easy to detect. Password - Hash: lior1 - e9d9dc5987d3fd2369e10ed0a8c32d8a; good - 7faae226566c91d06a0d741e0c9d3ae6; bruder - e9d9dc5987d3fd2369e10ed0a8c32d8a; test - 098f6bcd4621d373cade4e832627b4f6
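Added example (Python, not from the original slides): why unsalted MD5 hashes like those on slide 33 make trivial passwords easy to detect, next to a salted, iterated alternative for server-side storage. The account names, the weak-password list and the PBKDF2 parameters are assumptions; the only value taken from the slide is the hash listed for `test`.

```python
import hashlib
import hmac
import os

# Constructed screening list of trivial passwords (assumption, not from the slides).
WEAK_PASSWORDS = ["test", "123456", "password", "qwerty"]

def md5_hex(password):
    """Unsalted MD5, as slide 29 suggests: same password always gives the same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def audit_unsalted_md5(stored):
    """Defensive audit: return {user: weak_password} for stored hashes on the weak list."""
    table = {md5_hex(p): p for p in WEAK_PASSWORDS}
    return {user: table[h] for user, h in stored.items() if h in table}

def hash_password(password, salt=None, iterations=200_000):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256); a fresh random salt per account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def is_trivial(password):
    """Registration-time check: refuse short or listed passwords before hashing."""
    return len(password) < 8 or password.lower() in WEAK_PASSWORDS

# Constructed account table. The first hash is the slide's value for "test".
STORED_MD5 = {
    "alice": "098f6bcd4621d373cade4e832627b4f6",
    "bob": md5_hex("long constructed passphrase 7421"),
}

if __name__ == "__main__":
    print("weak accounts:", audit_unsalted_md5(STORED_MD5))
    s1, n1, d1 = hash_password("test")
    s2, n2, d2 = hash_password("test")
    print("same password, same stored value?", d1 == d2)
    print("verifies:", verify_password("test", s1, n1, d1))
```

With per-account salts, two users who pick the same password no longer share a stored value, so a single precomputed table cannot flag them both.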
34. Passwords (4) How to steal captcha. [Diagram panels: "On your site" and "Somewhere on the internet…"] Panel text: "Welcome to my site. Do you want to see the next picture?"; "User name: / Password: / For security please retype the following characters:"