DeepSec 2012 Talk: AMF Testing Made Easy
Protocols are fun. When it comes to security, protocols are both loved and loathed. Security researchers have fun breaking them. Developers have a hard time designing them (this is why short-cuts will be taken and weaknesses are introduced). Penetration testers are sent to discover broken protocols and to exploit them. Attackers usually know some bits about protocols, too. This is where you come in. Regardless on which side you are on, you need to know, too. It’s not always about security, though. Typical software deployment or development requires testing, too. Luca Carettoni has good news for you either way. Despite the popularity of Flex and the AMF binary protocol, testing AMF-based applications is still a manual and time-consuming activity. This research aimed at improving the current state of art, introducing a new testing approach