HP SWFScan is a free security tool to developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden within the application which cannot be detected with dynamic analysis methods.
In addition, HP SWFScan offers several other features to help developers, code auditor/reviewers, and pen-testers examine the contents of Flash applications, including:
* Highlighting the line of source code that contains the vulnerability to help better understand the context of the issue.
* Providing summaries, details, and remediation advice for each vulnerability in accordance with Adobe’s recommendation for secure Flash development.
* Generating a vulnerability report to share and solve the detected issues.
* Exporting the decompiled source code for use with other external tools.
* Revealing all the URLs and web services the Flash Application contacts.
* Flagging class names, function names, or variable names that may be of interest such as loadedUserXml or crypt()
How SWFScan works and what vulnerabilities it finds:
- Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
- Identifies and reports insecure programming and deployment practices and suggests solutions.
- Enables you to audit third party applications without requiring access to the source code.
You can download SWFScan here: