HP's Free Adobe Flash Vulnerability Scanner

Posted by kdawson on Tuesday March 24, 2009 @07:10AM from the practicing-safe-flash dept.

Catalyst writes "SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe's security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice."

3 of 82 comments (clear)

Min score:

Reason:

Sort:

SFWScan by MrEricSir · 2009-03-24 07:12 · Score: 4, Funny

Can they also make SFWScan?
That would help avoid potentially embarrassing situations at work.

--
There's no -1 for "I don't get it."
1. Re:SFWScan by Shakrai · 2009-03-24 07:24 · Score: 2, Funny
  
  Sure, here's some code to do that:
  if (strcmp(link.postedby, "Anonymous Coward") == 0 || strstr(link.url, "goatse" != NULL) return false;
  else return true;
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
Re:What good is it? by Pharmboy · 2009-03-24 07:39 · Score: 3, Funny

And the guy in the video has a plate of burgers to prove they did it anyway.

--
Tequila: It's not just for breakfast anymore!