Threat Center Security News Flash-app now less vulnerable with HP free tool
Flash-app now less vulnerable with HP free tool Print E-mail
Written by Rebecca Mints   
Thursday, 26 March 2009 00:59

Software developer Hewlett-Packard has come up with another tool that will help developers check for vulnerabilities in their Flash applications. 

HP is set to release SWFScan next week, to be made available for free to millions of Adobe Flash Player users worldwide. The tool has been designed to decompile Flash applications and search for vulnerabilities and violations of Adobe’s security guidelines.

Billy Hoffman, head of HP’s Web Security Research Group said the tool works with all versions of Flash.

“Adobe Flash player is installed on more than 98 percent of computers with internet connection and because of this, it is a popular target for attackers,” explained Hoffman.

Hoffman said of the almost 4,000 web applications written on Flash platform, 35% has been found to be violating Adobe’s best security practices.

Security holes in Flash applications may lead to data leaks and other security problems on internet-connected computers.

SWFScan is the second tool to be released this year directed at patching holes in Flash-apps. Last month, hardware giant IBM came out with Rational AppScan, a tool that can make automatic scanning of Flash and Ajax-based applications. But unlike the HP tool, the Rational AppScan is not for free and costs $17,550 for a one-year license.


WTW Threat Level