Hosting Flash Content
Blitzableiter is primarily developed as a server-side ingress security measure for Adobe Flash content.
Target Audience
If you are hosting user-supplied content that could include Flash content or movies, Blitzableiter is for you.
The most common case is hosting advertisement material on your own site (i.e. not linking from an Ad Network). You will already have contractual rules for the content in place (e.g. banner dimensions, restrictions on target URLs per campaign, etc.). Blitzableiter enables you to enforce these rules on the content and, as a side effect, dramatically reduces the likelihood of accepting malicious Flash content that could harm your users.
Process
To use Blitzableiter as an ingress security boundary, you should provide your upload users with an interface where they can preview the result of their upload. Remember that Blitzableiter is a normalization engine, not a detection program. Blitzableiter generates a clean, normalized and rule-enforcing new version of the uploaded Flash content. The upload user should be able to inspect the resulting Flash file to make sure that functionality as well as visual and audio appearance are still as expected. The upload user may also see an error report from Blitzableiter, detailing where their content violates the SWF specification far enough to get the file rejected.
The complete upload process for a fictitious Ad Hoster could be similar to this:
- Ad agency logs into account and creates new ad entry for campaign
- Ad agency specifies campaign target URL (destination the user gets sent to when clicking the ad)
- Ad agency uploads Flash banner
- Blitzableiter normalizes banner, checks dimensions and checks/patches AVM code to ensure only the campaign URL is targeted
- Resulting Flash banner is presented to Ad agency user, who verifies functionality and approves posting
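The upload process above can be modelled as a small fail-closed state machine. This is an added example, not Blitzableiter code: the `normalize` hook, the class names and `stand_in_normalizer` are hypothetical, and the stand-in only marks the place where a real call into Blitzableiter would go.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

class NormalizationError(Exception):
    """The normalizer refused the upload; the message is the error report."""

@dataclass
class AdEntry:
    campaign_url: str
    state: str = "awaiting_upload"  # pending_review | published | rejected
    normalized: Optional[bytes] = None  # only normalizer output is ever stored
    digest: Optional[str] = None
    error_report: Optional[str] = None

class AdIngress:
    def __init__(self, normalize: Callable[[bytes, str], bytes]):
        # Hypothetical hook: wraps whichever Blitzableiter integration is used.
        self._normalize = normalize

    def upload(self, entry: AdEntry, raw: bytes) -> AdEntry:
        # A new upload voids any earlier approval; the raw bytes are never kept.
        entry.normalized = entry.digest = entry.error_report = None
        try:
            clean = self._normalize(raw, entry.campaign_url)
        except NormalizationError as exc:
            entry.state, entry.error_report = "rejected", str(exc)
            return entry
        entry.normalized = clean
        entry.digest = hashlib.sha256(clean).hexdigest()
        entry.state = "pending_review"
        return entry

    def approve(self, entry: AdEntry, previewed_digest: str) -> None:
        # Approval is bound to the exact normalized file the uploader previewed.
        if entry.state != "pending_review" or previewed_digest != entry.digest:
            raise PermissionError("approval does not match the current preview")
        entry.state = "published"

    def served_bytes(self, entry: AdEntry) -> Optional[bytes]:
        # Fail closed: visitors only ever receive approved, normalized content.
        return entry.normalized if entry.state == "published" else None

def stand_in_normalizer(raw: bytes, campaign_url: str) -> bytes:
    # Constructed placeholder, NOT Blitzableiter: accepts only SWF signatures.
    if raw[:3] not in (b"FWS", b"CWS"):
        raise NormalizationError("not a SWF file")
    return b"FWS" + b"<rewritten for " + campaign_url.encode() + b">"
```

The original upload is discarded in every path, so the only file that can reach visitors is the normalized one the uploader previewed and approved.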
Integration Options
There are generally three ways you can integrate Blitzableiter into your Web Application:
- If you only want to prevent malicious Flash content, you can use the command line Blitzableiter.exe normalizer. It could be triggered from your upload handler script.
- If you want to verify a couple of properties of the Flash content, you can use Blitzableiter's core assembly SWF.DLL in your ASP.NET project.
- If you want to perform customized verification for several (or many) different property cases in multiple Web Applications, the upcoming Web Service should be your tool of choice. It will always run on the latest version of Blitzableiter and allow you to specify the checks and rules within the request for normalization.