
A New Security Testing Method for Detecting Flash Vulnerabilities by Generating Test Patterns

4 Author(s)
Takanobu Watanabe ; Univ. Bus. Innovation Center, Univ. of Aizu, Aizu-Wakamatsu, Japan ; Zixue Cheng ; Mizuo Kansen ; Masayuki Hisada

Flash has a number of security defects, even though Flash Player is installed on most of the world's PCs. Sandbox protection is limited in its ability to protect a user from vulnerabilities in a Flash application, because the sandbox cannot work when an engineer or web administrator sets the sandbox permissions incorrectly, and an attacker can then attack the vulnerable Flash application. Another way to address the problem is testing. Penetration testing is useful for detecting vulnerabilities in Flash applications. Existing penetration testing is performed manually through the UI, which is inefficient and time-consuming. In this paper, to overcome this problem, we design a new penetration testing method that generates as many test patterns as possible from VM inputs, feeds the test patterns into the VM, and automatically checks for the existence of vulnerabilities from the VM outputs. We demonstrate our testing method with an example that detects Flash Parameter Injection, which is one kind of Flash application vulnerability.

Published in:

Network-Based Information Systems (NBiS), 2010 13th International Conference on

Date of Conference:

14-16 Sept. 2010