Slashdot Mirror

← Back to Stories (view on slashdot.org)

HP's Free Adobe Flash Vulnerability Scanner

Posted by kdawson on from the practicing-safe-flash dept.

Catalyst writes "SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe's security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice."

2 of 82 comments (clear)

  1. What good is it? by frovingslosh · · Score: 5, Interesting

    Unless they make it into a Firefox plug-in that checks the flash code before running it, just what good is this?

    --
    I'm an American. I love this country and the freedoms that we used to have.
  2. Youtube by JJman · · Score: 5, Interesting

    So naturally my first thought was, I wonder how well youtube does.
    And lo: it's got 7 vulnerabilities.

    It's interesting how this behemoth of a flash provider is still not secure.
    *reaches for tinfoil hat*