When it comes to security, there is no end to what one can do, but the basic techniques that an attacker uses remain the same. In the case of an RIA built with Flex, there are a few important and unique considerations.
- It’s equally easy to monitor requests and results going from a Flex app to the server and back. This and the above make it a breeze to get the URIs and expected parameters for your PHP scripts. Software like Ethereal does a great job of finding out what is being sent and received.
- Most applications built on a Flex/PHP/JSP architecture expect and return clean, simple XML data. This data can be parsed easily to see if any security holes can be exploited. That’s why you will have to seriously consider the binary protocol AMF and start using one of its implementations: BlazeDS, LCDS or AMFPHP.
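
Since the URIs and parameters of the PHP scripts can be read off the wire, the script itself has to treat every request body as untrusted, whether it arrives as XML or as AMF. The following is an added example, not code from the original post: a PHP handler for a hypothetical `<order>` request that accepts only an allowlisted set of fields. The element names, the limits and the function name `parseOrderRequest` are assumptions.

```php
<?php
// Added example. Element names, limits and function name are assumptions.
const MAX_BODY_BYTES = 4096;
const FIELD_RULES = [                         // allowlist: field => exact pattern
    'itemId'   => '/\A[0-9]{1,9}\z/',
    'quantity' => '/\A[1-9][0-9]{0,2}\z/',
];

function parseOrderRequest(string $body): array
{
    // Size cap, and no DTDs: rules out entity expansion and external entities.
    if ($body === '' || strlen($body) > MAX_BODY_BYTES
        || stripos($body, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('empty, oversized or DTD-bearing body');
    }
    $previous = libxml_use_internal_errors(true);   // keep parser errors out of output
    $doc = new DOMDocument();
    $ok = $doc->loadXML($body, LIBXML_NONET);       // never fetch over the network
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok || $doc->documentElement->nodeName !== 'order') {
        throw new InvalidArgumentException('malformed request');
    }
    $fields = [];
    foreach ($doc->documentElement->childNodes as $node) {
        if ($node->nodeType !== XML_ELEMENT_NODE) continue;  // skip whitespace
        $name = $node->nodeName;
        // Reject unknown, repeated, nested or badly formatted fields.
        if (!array_key_exists($name, FIELD_RULES) || isset($fields[$name])
            || $node->getElementsByTagName('*')->length > 0
            || preg_match(FIELD_RULES[$name], $node->textContent) !== 1) {
            throw new InvalidArgumentException('unexpected or invalid field');
        }
        $fields[$name] = (int) $node->textContent;
    }
    if (count($fields) !== count(FIELD_RULES)) {
        throw new InvalidArgumentException('missing field');
    }
    return $fields;
}

// Constructed sample bodies: one well-formed, one altered after observation.
$samples = [
    '<order><itemId>42</itemId><quantity>3</quantity></order>',
    '<order><itemId>42</itemId><quantity>-5</quantity><price>0</price></order>',
];
foreach ($samples as $body) {
    try { echo json_encode(parseOrderRequest($body)), "\n"; }
    catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

The same allowlist applies unchanged to values deserialized from an AMF call, because the checks run on the server after decoding.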
Hope it helps!