Posts in Category "Security"

Flash Player 10.1 Admin Guide available

The outstanding Flash Platform doc blog has a link to the new admin guide for Player 10.1. This document covers tons of information including:

  • Player environment (file storage, processes, and versioning)
  • Installation
  • Administration settings (primarily privacy, security and disk space settings)
  • User-configured settings
  • Security

Much of this stuff is critical to Flex as well as Flash developers.

Writing secure Flex apps with help from SWFScan

Slashdot has an interesting entry on Flash security today. It features HP’s SWFScan utility that decompiles and scans SWF files, and reports any vulnerabilities that it finds.

What I found really useful was the list of vulnerabilities that SWFScan looks for. You can read through them (there’s about 50) as sort of a “refresher” on what a secure app should look like. To do that:

  1. Download and install SWFScan from http://www.hp.com/go/swfscan.
  2. Run SWFScan.
  3. Click the Settings button. The Settings dialog box displays.
  4. Select the Checks tab. Then just click on each one of hte items to read about the vulnerability and the potential fix for it.

Good stuff! The tool runs on Windows only, unfortunately.