Slashdot Mirror

← Back to Stories (view on slashdot.org)

HP's Free Adobe Flash Vulnerability Scanner

Posted by kdawson on from the practicing-safe-flash dept.

Catalyst writes "SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe's security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice."

1 of 82 comments (clear)

  1. Re:Wonder when they will release ... by ShadowRangerRIT · · Score: 4, Insightful

    Paranoid much? This is for Flash developers to avoid doing stupid things with an app that endangers their site, perhaps with a few checks to help avoid exposing their customers to additional risk. Why on Earth do you think there is an ulterior motive here?

    Keep in mind there are already loads of .NET security analyzers out there. TFA notes that the current Flash analyzers are frequently not up to date with the latest Flash releases. Is it so horrible of them to try and be helpful?

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print