1 in 3 Flash Web Applications Violates Security Best Practices

HP analyzed almost 4,000 web applications developed with Flash software and found that 35 percent violate Adobe security best practices. Hackers can exploit this situation to circumvent security measures and gain unfettered access to sensitive information.

HP has announced HP SWFScan, a free tool to help Flash developers protect their websites against application security vulnerabilities and reduce the risk of hackers accessing sensitive data.

HP SWFScan allows Flash developers to deliver more secure code without becoming security experts. The tool is billed as the first of its kind to decompile applications developed with the Flash Platform and perform static analysis to understand their behaviors. This helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods.

With HP SWFScan, Flash developers can:

  • Check for known security vulnerabilities that are targeted by malicious hackers. This includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated.
  • Fix problems quickly, with vulnerabilities highlighted in the source code and solid guidance on how to fix the security issues.
  • Verify conformance with best security practices and guidelines.

The HP SWFScan FAQ says that it supports all public versions of Flash, in other words up to and including Flash 10. As long as a SWF uses ActionScript 2 or ActionScript 3, SWFScan should continue to work.

A free download of HP SWFScan is available at www.hp.com/go/swfscan.

Content Team
The IndicThreads Content Team posts news about the latest and greatest in software development as well as content from IndicThreads' conferences and events. Track us on social media @IndicThreads. Stay tuned!