Writing secure Flex apps with help from SWFScan

By Matthew J. Horn on March 24, 2009 4:06 PM | No Comments

Slashdot has an interesting entry on Flash security today. It features HP's SWFScan utility that decompiles and scans SWF files, and reports any vulnerabilities that it finds.

What I found really useful was the list of vulnerabilities that SWFScan looks for. You can read through them (there's about 50) as sort of a "refresher" on what a secure app should look like. To do that:

  1. Download and install SWFScan from http://www.hp.com/go/swfscan.
  2. Run SWFScan.
  3. Click the Settings button. The Settings dialog box displays.
  4. Select the Checks tab. Then just click on each one of hte items to read about the vulnerability and the potential fix for it.
Good stuff! The tool runs on Windows only, unfortunately.

Categories:

Leave a comment

Search

Community Help

Contribute to Community Help

About this Entry

This page contains a single entry by Matthew J. Horn published on March 24, 2009 4:06 PM.

New Doc on Flex Gumbo Efffects was the previous entry in this blog.

New Doc on Flex Gumbo States Available is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.