
Scan for Flash bugs with free HP tool

Developers pinpoint bugs in Flash 9 & 10

HP has released a free development tool that finds vulnerabilities in Flash, Adobe's widely used but occasionally buggy interactive web technology.

The tool, SWFScan, is designed for developers without security backgrounds, the company said on one of its blogs. It was built by HP's Web Security Research Group.

HP said SWFScan joins other tools that can spot problems with Flash, such as Flare and SWFIntruder. But HP said SWFScan is the only one that can be used with Flash versions 9 and 10; ActionScript 3, Flash's scripting language; and Flex, an open-source web application framework used by Adobe.

SWFScan will decompile ActionScript 2 and 3 into original source code and perform static analysis, looking for more than 60 vulnerabilities including data leakage, cross-site scripting vulnerabilities and cross-domain privilege escalation, HP said.

The tool highlights troublesome lines in source code and will also provide remediation advice. It will format a vulnerability report, as well as allow the export of source code for work in other tools, HP said.

HP said it tested SWFScan on some 4,000 Flash applications and found that 35 percent violated Adobe's best security practices. Sixteen percent of applications for Flash Player 8 and earlier contained cross-site scripting vulnerabilities. Fifteen percent of those applications with login forms had user names or passwords hard-coded into the application, HP said.

HP cautioned that the tool only looks at the part of a Flash application that runs in a browser and not those parts running on a server.

