Writing secure Flash apps with help from SWFScan

From the HP site:

HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.
 
  1. Download and install SWFScan from http://www.hp.com/go/swfscan.
  2. Run SWFScan.
  3. Click the Settings button. The Settings dialog box displays.
  4. Select the Checks tab. Then just click on each one of the items to read about the vulnerability and the potential fix for it.
The tool runs on Windows only.
 
You point it at a file or URL, and it decompiles the SWF. It also analyzes the SWF to detect any embedded URLs and, more importantly, potential security problems (database connection strings, passwords, debug messaging, cross-site scripting vulnerabilities, etc.). This can be useful if you are auditing applications, or if you are inheriting a legacy application and want to find any weaknesses in it.
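
As an added illustration (not HP's code, and not a description of how SWFScan works internally), the Python example below unpacks the SWF container and searches the body for the kinds of strings mentioned above: embedded URLs, credential-like assignments and debug messages. The regular expressions, the function names and the constructed sample file are assumptions made for this example.

```python
import re
import struct
import zlib

# Heuristic patterns chosen for this example (assumptions, not SWFScan's checks).
PATTERNS = {
    "url": re.compile(rb"(?:https?|ftp|rtmp)://[\x21-\x7e]+"),
    "credential": re.compile(
        rb"(?i)(?:password|passwd|pwd|secret)\s*[=:]\s*[\x21-\x3a\x3c-\x7e]+"),
    "debug": re.compile(rb"(?i)\b(?:debug|trace)\b[\x20-\x7e]*"),
}


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed bytes that follow the 8-byte SWF header."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    signature = data[:3]
    declared_len = struct.unpack("<I", data[4:8])[0]  # length after inflation
    if signature == b"FWS":        # stored uncompressed
        body = data[8:]
    elif signature == b"CWS":      # zlib-compressed after the header
        body = zlib.decompress(data[8:])
    else:                          # e.g. ZWS (LZMA) is not handled here
        raise ValueError(f"unsupported signature {signature!r}")
    if len(body) + 8 != declared_len:
        raise ValueError("declared length does not match body")
    return body


def scan_swf(data: bytes) -> dict:
    """Map each pattern name to the printable strings it matched."""
    body = swf_body(data)
    return {name: [m.decode("ascii") for m in rx.findall(body)]
            for name, rx in PATTERNS.items()}


def build_sample() -> bytes:
    """Constructed CWS container with a placeholder body (not a playable movie)."""
    body = b"\x00".join([
        b"http://app.example.com/gateway",
        b"Server=db.example.internal;User=app;Password=CONSTRUCTED-ONLY",
        b"trace: login response received",
    ])
    return b"CWS" + bytes([10]) + struct.pack("<I", len(body) + 8) + zlib.compress(body)


if __name__ == "__main__":
    for kind, hits in scan_swf(build_sample()).items():
        print(kind, hits)
```

Anything this turns up in a shipped SWF is readable by every user who downloads the file, so credentials and connection strings belong on the server, not in the client.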
About Saran

Hello there!!! I'm Saravanan, born and living in India. The main reason I decided to start this project was that there should be a way to pass on to everyone the knowledge I gained experimenting in Flash. I try to cover, as much as possible, all kinds of issues that can come up for someone developing a Flash application. If you need help, or if you would like to see certain issues covered in this blog, send me an e-mail at rksaran@rediffmail.com. Follow me on Twitter: http://twitter.com/rksaran Best regards, SRK