Slashdot has an interesting entry on Flash security today. It features HP’s SWFScan utility that decompiles and scans SWF files, and reports any vulnerabilities that it finds.
What I found really useful was the list of vulnerabilities that SWFScan looks for. You can read through them (there’s about 50) as sort of a “refresher” on what a secure app should look like. To do that:
- Download and install SWFScan from http://www.hp.com/go/swfscan.
- Run SWFScan.
- Click the Settings button. The Settings dialog box displays.
- Select the Checks tab. Then just click on each one of hte items to read about the vulnerability and the potential fix for it.
Good stuff! The tool runs on Windows only, unfortunately.