The popularity of Adobe’s multimedia Flash software also makes it a popular target for hackers intent on spreading malware.
Adobe is diligent about issuing patches as security issues surface, but how do you scan a Flash application to see if it’s a security risk?
Security vendor Rapid7 says the latest update of its NeXpose vulnerability management solution is one approach, as it is specifically designed for Flash. Rapid7 said NeXpose 4.10.4 provides full decompilation of Flash content in an effort to help identify security risks.
“For Web application administrators, the challenge is to have a tool that finds embedded links in Flash so that all parts of the website are scanned, and to uncover vulnerabilities that are included in the code, such as hard-coded login credentials, insecure crypto, and usage of debugging functions,” Andres Riancho, director of Web security at Rapid7, told InternetNews.com. “The only way to uncover these is to decompile the binary Flash applications and to conduct a static code analysis.”
Rapid7 develops a number of security technologies and is the leading sponsor behind the Metasploit and w3af open source Web security projects.
eSecurity Planet has a full report on Rapid7’s new release.