Payload Delivery Part VIII: Miscellaneous Rich Web Content
We've talked about Java applets and touched on Adobe Flash as attack vectors. However, as Oracle has expressed a desire to replace applets in their current form and as the browser makers have lost all patience with Adobe over its complete lack of secure coding practices, neither of these technologies is going to be around forever. Their successors are already in active deployment and are suitable for use in APT modeling attacks. Although they are very different from each other technologically, the way they offer content to the user is (visually) not all that dissimilar, so it makes sense to talk about the two together.
Java Web Start
JWS applications don't run inside the browser but are generally deployed through the browser interface. From a software development perspective, this has several advantages, but mainly it allows much more refined memory management and indeed the allocation of much more memory than would...