Today, Hewlett-Packard Co. released a free tool called SWFScan to check for security holes in Flash web applications.
The tool was designed to help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.
The tool can scan for exposure of confidential information, cross-domain privilege escalation and Cross-Site Scripting (XSS). It decompiles the program and highlights the source code to identify between 60 and 65 vulnerabilities.
Also, the tool alerts developers if the application does not comply with Adobe's security best practices.
According to HP, 35 percent of nearly 4,000 Flash web apps violate Adobe's security best practices. To help developers cut down on security holes, the HP SWFScan tool decompiles Flash applications and searches the code for vulnerabilities.
HP worked closely with Adobe Systems Inc. to develop SWFScan. “We are working with HP to make sure developers have tools to help secure content and keep customers safe,” said Brad Arkin, product security and privacy director, Secure Software Engineering Team, Adobe. “We worked with HP on their SWFScan tool, which will help Flash developers find potential security issues early in the development process so they can understand and prevent problems before web applications are ever deployed.”
Flash is one of the most common applications used for creating animation and games for Web 2.0, which security experts said needs better web security measures to protect against cyber attacks. Approximately 98 percent of internet-connected PCs worldwide have Flash players installed.
Microsoft last year asked HP to develop a tool to test for SQL injection vulnerabilities in applications for Microsoft's ASP platform.
For more information and free download of HP SWFScan visit: