I'm in the process of building a test plan for validating the security of our Flex/J2EE application. I believe we have some issues with trusting the Flex application too much, but I need to be able to quantify those issues.
The ideal way would be a way to show me making data service calls outside of the application. Are there tools or instructions for how one might go about doing this? I really don't want to find these things out after we release to our beta customers. :)
-
Fiddler on Windows is great for monitoring HTTP connections.
-
First, give the port on which Flex communicates to the J2EE server, then, using Ethereal or Wireshark, you can watch if it uses an encrypted channel :-)
-
Charles is an excellent HTTP debugging proxy which can parse AMF data and display it as a tree. You can also set "breakpoints" to intercept an HTTP call and modify the AMF data in either the request or response.