Slashdot has an interesting article today about checking SWFs for vulnerabilities…
HP SWFScan is a free Windows-based security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden within the application which cannot be detected with dynamic analysis methods.
Simply point HP SWFScan at the SWF file for any Flash application and it will:
- Decompile the ActionScript 2 or ActionScript 3 bytecode back to the original source code.
- Audit the code for over 60 vulnerabilities including exposure of confidential data, Cross-Site Scripting (XSS) and cross-domain privilege escalation.
- Validate the Flash application's adherence to Adobe’s security best practices.
Check the original article out at HP’s website…