I have come across many applications that use Adobe Flash or Flex technology. Is it appropriate to use the SOAP policy when assessing such applications using WI or QAI?
An example application is written in (M)XML and/or ActionScript.
Thanks,
-L
Only a Web Service Assessment will yield the SOAP oriented attacks.
So, if your FLEX implementation utilises SOAP, you're best off running a Web Service Assessment to assess vulnerabilities regarding SOAP.
Alternatively, if your FLEX implementation is simply utilising XML and/or AMF (ActionScript Messaging Format) then a Web Application Assessment should do the trick.