WebApp Sec: Approach for testing sites that use RDS

[Daniel <dan () ugc-labs co uk>]

Hi all, 

Does anyone have any insight into the approach needed when testing sites 
which make use of MS's RDS and ActiveX?
I'm currently testing a site which uses both in a heavy fashion (the site 
itself uses about 20 odd ocx and the user has to download 9 cab files 
just to get to the logon page)

I've done a good search on google and nothing has been mentioned on 
testing sites with this setup (or my search fingers aren't working well 
today)

Any pointers would be greatly appreciated

D