HP announced HP SWFScan, a free tool to help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of attackers accessing sensitive data.
As companies modernize their applications to give users a better experience online, they are moving to Web 2.0 technologies, including the Adobe Flash Platform. With Adobe Flash Player installed on more than 98 percent of Internet-connected PCs worldwide, it is imperative that web applications built with Flash technology are developed securely.
HP SWFScan allows Flash developers to deliver more secure code without becoming security experts. The tool is the first of its kind to decompile applications developed with the Flash Platform and perform static analysis to understand their behaviors. This helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods.
With HP SWFScan, Flash developers can:
- Check for known security vulnerabilities that are targeted by malicious hackers. These include unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and unvalidated user input.
- Fix problems quickly, with vulnerabilities highlighted in the source code and solid guidance on how to fix the security issues.
- Verify conformance with best security practices and guidelines.
Find, fix and prevent security vulnerabilities
One example of the type of security vulnerability HP SWFScan can prevent is confidential information left accessible to hackers. Flash developers often create this vulnerability unintentionally by hard-coding access information such as passwords, encryption keys or database information directly into their applications. This video demonstrates how hackers can exploit this vulnerability.
HP analyzed almost 4,000 web applications developed with Flash software and found that 35 percent violate Adobe security best practices. Hackers can exploit this situation to circumvent security measures and gain unfettered access to sensitive information. HP SWFScan helps developers find and correct these problems before they become an issue.
The HP Web Security Research Group, which developed SWFScan, includes many renowned experts in the security field. The group tracks web-related security threats and develops new technology to help IT professionals eliminate application security vulnerabilities. The results of the group’s research are incorporated into HP Application Security Center, a suite of products that allows customers to find, fix and prevent these vulnerabilities across the application life cycle.