WebApp Sec mailing list archives
Re: Flash Obfuscation
From: 0x4150 <0x4150 () gmail com>
Date: Fri, 30 Apr 2010 16:00:07 -0500
My company had a pen test of the application and the tester reported that we should obfuscate the flash content. I would like to make it as difficult as possible for an attacker to reverse and understand the application logic. The application deals with sensitive data so I want to protect it (as much as possible). I was told there were ~3 products on the market which can obfuscate flash, but none seemed reputable. On Fri, Apr 30, 2010 at 6:58 AM, Brad Causey <bradcausey () owasp org> wrote:
What's your goal? Maybe thatll help us help you. On 4/30/10, Paul Melson <pmelson () gmail com> wrote:On Thu, Apr 29, 2010 at 2:05 AM, 0x4150 <0x4150 () gmail com> wrote:Has anyone done obfuscation of a flash application? If so, what tool(s) would you recommend?I wouldn't recommend any of them as a way to actually secure anything as the end result must still be a SWF file that Flash Player can parse correctly, and therefore they can be decompiled or debugged in order to reverse the code. The only example of obfuscated ActionScript that I've seen to date has been a malware dropper. In that case it was about 20 minutes by hand to reverse. About 1 minute for Wepawet to do the same. PaulM This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus ---------------------------------------- Sent from my mobile device -Brad Causey CISSP, MCSE, C|EH, CIFI, CGSP http://www.owasp.org -- "Si vis pacem, para bellum" --
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Flash Obfuscation 0x4150 (Apr 29)
- Re: Flash Obfuscation Paul Melson (Apr 30)
- Re: Flash Obfuscation Brad Causey (May 01)
- Re: Flash Obfuscation 0x4150 (May 01)
- Re: Flash Obfuscation Brad Causey (May 01)
- Re: Flash Obfuscation Paul Melson (Apr 30)