HP's New Flash Security Tool Nears Release

From the "Things you see at Black Hat" files:

People talk about all kinds of things at a Black Hat event, sometimes even unreleased commercial products. Nearly a month ago, I was in a session at Black Hat DC where HP security researcher Prajakta Jagdale talked about the security risks associated with Flash. Buried in that presentation was the discussion of a tool called SWFscan -- a new tool under development from HP that decompiles Flash code and looks for vulnerabilities. has now learned that HP plans to officially announce a Flash security tool on March 23.

In her Black Hat presentation, Jagdale gave an overview of SWFscan that showed some interesting capabilities. Unfortunately, the Black Hat presentation link to Jagdale's slides is no longer operational. Fortunately for me (and for you, good readers) I got a CD copy from the conference and I took decent notes while sitting in the presentation.

SWFscan is supposed to support all versions of Flash; it will analyze Flash applications and report on the security vulnerabilities it detects. It works by decompiling the SWF bytecode and generating ActionScript code (sort of like JavaScript) that can then be analyzed.

