You can't secure what you don't acknowledge.SM

Wednesday, June 3, 2009

Neat (and free) tool for finding Flash flaws

HP's Application Security Center recently released SWFScan - a standalone tool that decompiles Flash applications and searches for security holes inside the code. Very cool.

It's pretty surprising how many vulnerabilities Flash files can contain including XSS, embedded SQL statements, encryption keys, login credentials and more. Definitely worth downloading and taking it for a spin. Here's a screenshot of the interface and some findings:

Also, check out Billy Hoffman's video walkthrough of a Flash exploit. Watch it and you'll see that Flash poses some pretty serious security issues.

No comments:

Post a Comment