Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

AMF Testing Made Easy

Black Hat via YouTube

Overview

Explore advanced techniques for testing Action Message Format (AMF) applications in this Black Hat USA 2012 conference talk. Delve into the challenges of bug hunting in AMF-based applications and discover a new automated gray-box testing approach. Learn about Blazer, a Burp Suite plugin that revolutionizes AMF fuzzing by dynamically generating objects from method signatures. Gain insights into improving coverage and effectiveness when targeting complex applications, and examine real-world vulnerabilities uncovered using this innovative tool. Follow along as the speaker demonstrates the methodology using Adobe BlazeDS as a server-side reference implementation. Acquire practical knowledge on making AMF testing more robust and efficient, covering topics such as authentication, SQL injection, and best-fit heuristics.

Syllabus

Intro
About me
Introduction and context
AMF for end-users
AMF for old-school hackers
AMF for web hackers
Adobe BlazeDS
Action Message Format (AMF)
State of art (research, tools)
Testing remote methods, today
Enterprise-grade applications
Security Testing Areas 36 Authentication
Say hello to Blazer
Blazer vo.2
Blazer - Architecture 2/2
DEMO 1
Blazer - Core techniques 1/3
Test case: SQL injection
Blazer - "Best-fit" heuristics 2/2
Coverage and Scalability
AMF Security Testing with Blazer 36 Authentication
Conclusions
Future improvements

Taught by

Black Hat

Reviews

Start your review of AMF Testing Made Easy

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.