UC San Diego

Adobe Flash is a multimedia platform used for developing rich internet applications. Flash also facilitates sharing resources and data between flash files on different domains. Sites that allow sharing of content need to host a crossdomain policy file, crossdomain.xml which has a list of websites that can access resources from this site. This thesis attempts to survey the crossdomain.xml Flash policy file present accross the Alexa top 50,000 websites. We found that 3609 out of the 47197 surveyed sites had unrestricted crossdomain Flash access. These numbers suggest that Flash crossdomain.xml policy files are liable to misconfiguration. We also propose some mitigation techniques for the same