HP’s Web Security Research Group has released a tool called SWFScan. The application aims to help developers find and fix security issues in compiled SWF files.
The tool first decompiles the SWF file (ActionScript 2 and 3 are supported) and then scans the generated source code for a range of security vulnerabilities such as hard-coded passwords, XSS and cross-domain issues. The tool also checks the code against Adobe's security best practices. So, in contrast to other decompiler tools, this one really adds value for the developer. Worth checking out!
Dirk.
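
To illustrate the scan step described above, the following added example runs three regex rules over a constructed snippet of decompiled ActionScript. It is not SWFScan's code or rule set, which this post does not show; the rule names, patterns and sample source are all assumptions made for the example.

```python
import re

# Illustrative rules only: assumptions for this example, not SWFScan's checks.
RULES = [
    # A string literal assigned to a variable whose name mentions a password.
    ("hard-coded-password",
     re.compile(r'\b\w*(?:passw(?:or)?d|pwd)\w*\s*(?::\s*String\s*)?=\s*"[^"]+"',
                re.I)),
    # Wildcard grant that lets any domain script this SWF.
    ("cross-domain-wildcard",
     re.compile(r'\bSecurity\.allow(?:Insecure)?Domain\s*\(\s*"\*"\s*\)')),
    # Caller-supplied FlashVars reaching a URL or JavaScript sink (XSS risk).
    ("xss-unvalidated-url",
     re.compile(r'\b(?:getURL|navigateToURL|ExternalInterface\.call)\s*\('
                r'[^;]*(?:_root\.|_level0\.|loaderInfo\.parameters)')),
]

# Constructed sample standing in for decompiler output (not from a real SWF).
SAMPLE = """\
var dbPassword:String = "s3cret";
Security.allowDomain("*");
getURL(_root.clickTag, "_blank");
navigateToURL(new URLRequest(loaderInfo.parameters.url));
Security.allowDomain("static.example.com");
var password:String = passwordField.text;
getURL("http://www.example.com/help", "_blank");
"""


def scan(source):
    """Return (line_number, rule_id) for every rule that matches a line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id))
    return findings


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for lineno, rule_id in scan(SAMPLE):
        print(f"line {lineno}: {rule_id}: {lines[lineno - 1].strip()}")
```

Lines 5 to 7 of the sample are the benign counterparts (a specific domain, a value read from a text field, a literal URL) and produce no findings.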