Give us a flash! Introducing SWFScan, the Flash Security Scanner

By Tom on 19 September 2009

The nice people at the Web Security Research Group over at HP have created a bit of goodness that will find vulnerabilities in applications built on the Flash platform.  Right now it's free but no doubt they will be merging this with WebInspect at some point I'm guessing.

It will;

(a) decompile the Flash application and extract the ActionScript code and statically analyse it, identifying things like information disclosure.

(b) reports on insecure programming and deployment practices and suggests solutions (like buy WebInspect? ;o))

(c) enables you to audit third party applications without requiring access to the source code.

All in all, a nice little addition to a penetration tester's web application testing toolkit.

Grab SWFScan here.  Or read more about it here.

Categories:

Tags:

Tag Cloud

Other Posts

Introducing Ncrack, a Network Brute Forcer on Crack
"Ncrack is an open source tool for network authentication cracking. It was designed for high-speed parallel cracking using a dynamic…
Hash Me Up (Mac OS X Styleee)
On a good day you'll catch me on my MacBook Pro like any other Apple fanboy.  However, I was on…
Kneber Botnet - The End is Nigh! Not Quite!
Just a quick one this morning...  A botnet has been discovered that has apparently hijacked more than 75,000 boxes across…
Web 2.0 + People = New Challenges
This article originally appeared on Verizon Business' ThinkForward blog.  It is written by me with a different audience in mind…
Nmap 5.20 released
More than 150 significant improvements,30+ new Nmap Scripting Engine (NSE) scriptsEnhanced Performance and Reduced Memory ConsumptionProtocol-specific Payloads for more Effective…
BackTrack Final 4 released
BackTrack 4 (Final) is officially released. If you didn't already know, "BackTrack is a Linux-based penetration testing arsenal that aids…
Second GSM Cipher Fail - A5/3
The GSM encryption algorithm A5/1 has been known to be broken for some time now... about 10 years to be…
Attack on PHP sessions and random numbers
PHP random numbers and session IDs weaker than thought.  Proof of concept code and further information at http://samy.pl/phpwn/…
Friend or foe? Automated Malware Analysis and Identification
I am doing a PhD on the subject so it's only right I post something up related to it.  Whether…
Give us a flash! Introducing SWFScan, the Flash Security Scanner
The nice people at the Web Security Research Group over at HP have created a bit of goodness that will…