[ insider_reports_insider ]
HP Reveals Free Security Tool For Flash Developers
SecurityProNews
Staff Writer
2009-03-27
 Insider Reports RSS Feed
HP's Web Security Research Group has developed SWFScan, a free tool for Flash developers they can use to discover security vulnerabilities in the applications they create.
 | | HP Reveals Free Security Tool For Flash Developers |  |
Analyzing about 4,000 Flash-based web applications, HP found that 35 percent of them violated Adobe's security best practices. With Flash players installed on about 98 percent of the world's computers, that makes it a big hacker target.
"The Adobe Flash Platform is being used more and more by large media companies and for business-critical applications. We are working with HP to make sure developers have tools to help secure content and keep customers safe," said Brad Arkin, product security and privacy director, Secure Software Engineering Team, Adobe.
In addition, Flash-based games and videos are among the most popular items on the Web, offering hackers access to enormous numbers of people. In game environments, hackers have been known to hijack users' profiles to steal virtual goods, which can be sold for actual money.
SWFScan decompiles applications developed on the Flash Platform and performs static analysis to understand their behaviors to identify vulnerabilities beneath the surface that may not be detectable by traditional methods.
The tool checks for known vulnerabilities targeted by hackers, which includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and unvalidated user input.
The SWFScan tool can be downloaded at HP's website. In a video produced by HP, the company highlights how hackers can take advantage of Flash vulnerabilities.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
