HP SWFScan helps Flash developers protect applications
Posted on 24-Mar-2009 09:35.
Filed under: News
HP has announced HP SWFScan, a free tool to help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.
The company says as companies move to Web 2.0 technologies, including the Adobe Flash Platform and with Adobe Flash Player installed on more than 98 percent of Internet-connected PCs worldwide, it is imperative that web applications built with Flash technology are developed securely.
HP SWFScan allows Flash developers to deliver more secure code by being the first of its kind to decompile applications developed with the Flash Platform and perform static analysis to understand their behaviors. This helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods.
With HP SWFScan, Flash developers can check for known security vulnerabilities that are targeted by malicious hackers, including unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated.
“The Adobe Flash Platform is being used more and more by large media companies and for business-critical applications. We are working with HP to make sure developers have tools to help secure content and keep customers safe,” said Brad Arkin, product security and privacy director, Secure Software Engineering Team, Adobe. “We worked with HP on their SWFScan tool, which will help Flash developers find potential security issues early in the development process so they can understand and prevent problems before web applications are ever deployed.”
HP analyzed almost 4,000 web applications developed with Flash software and found that 35 percent violate Adobe security best practices. Hackers can exploit this situation to circumvent security measures and gain unfettered access to sensitive information. HP SWFScan helps developers find and correct these problems before they become an issue.
“Applications developed with Flash technologies are no more immune to security vulnerabilities than any other web applications,” said Joseph Feiman, vice president and fellow, Gartner. “Giving Flash developers the ability to check whether their code is secure, providing guidance on how to fix it, and offering best secure-programming practices will help to protect businesses and their customers from hackers.”