Uncategorized

HP releases free Adobe Flash Vulnerability Scanner

Slashdot has an interesting article today about checking SWF’s for vulnerabilities…
http://it.slashdot.org/article.pl?sid=09/03/24/1818229

g8560009032008-landing2

HP SWFScan is a free Windows-based security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden within the application which cannot be detected with dynamic analysis methods.

Simply, point HP SWFScan at the SWF file for any Flash application and it will:

  • Decompile the ActionScript 2 or ActionScript 3 bytecode back to the original source code.
  • Audit the code for over 60 vulnerabilities including exposure of confidential data, Cross-Site Scripting (XSS) and cross-domain privilege escalation.
  • Validate the Flash application adherence with Adobe’s security best practices.

Read more about it…
http://www.hp.com/go/swfscan

Check the original article out at HP’s website…
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s