
Scan for Flash bugs with free HP tool

Developers pinpoint bugs in Flash 9 & 10

HP has released a free development tool that finds vulnerabilities in Flash, Adobe's widely used but occasionally buggy interactive web technology.

The tool, SWFScan, is designed for developers without security backgrounds, the company said on one of its blogs. It was built by HP's Web Security Research Group.

HP said SWFScan joins other tools that can spot problems with Flash, such as Flare and SWFIntruder. But HP said SWFScan is the only one that can be used with Flash versions 9 and 10; ActionScript 3, Flash's scripting language; and Flex, an open-source web application framework used by Adobe.

SWFScan will decompile ActionScript 2 and 3 into original source code and perform static analysis, looking for more than 60 vulnerabilities including data leakage, cross-site scripting vulnerabilities and cross-domain privilege escalation, HP said.

The tool highlights troublesome lines in source code and will also provide remediation advice. It will format a vulnerability report, as well as allow the export of source code for work in other tools, HP said.

HP said it tested SWFScan on some 4,000 Flash applications and found that 35 percent violated Adobe's best security practices. Sixteen percent of applications for Flash Player 8 and earlier contained cross-site scripting vulnerabilities. Fifteen percent of those applications with login forms had user names or passwords hard-coded into the application, HP said.

HP cautioned that the tool only looks at the part of a Flash application that runs in a browser and not those parts running on a server.

