HP releases Flash security tool for free
Earlier this month, I wrote about HP's new Flash security tool -- that tool, now officially called SWFscan (just as I predicted), is out. But there is one surprise: the tool is free.
SWFscan is a tool that decompiles Flash code and looks for vulnerabilities. HP security researcher Prajakta Jagdale discussed the tool (then under development and not public) at Black Hat in Washington DC in February.
HP claims that to date it has analyzed nearly 4,000 Flash web apps and, surprisingly, found that 35 percent of them had some kind of security issue.
Simple issues like information disclosure and more complex issues like cross-site scripting vulnerabilities aren't always easily caught during a development process. Finding those with SWFscan might make the process a whole lot easier.