The Rich Internet Dev Blog http://www.richinternet.de/blog/index.cfm <p>HP?s Web Security Research Group <a href="http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx">has released a tool called SWFScan</a>. The application aims at helping developers finding and fixing security issues in compiled SWF files.</p><p>The tool first decompiles the SWF file (ActionScript 2 and 3 is supported) and then scans the generated sourcecode for a range of several security vulnerabilities like hard-coded passwords, XSS and cross-domain issues. Also, the tool checks the code against Adobe's security best practices. So in contrast to other decompiler tools this one really adds value for the developer. Worth checking out!</p><p>Dirk.</p> http://www.richinternet.de/blog/index.cfm?mode=entry&entry=376AEA3C-A34B-B678-706A896F2CDD2EF6 2009-03-24T08:38:54-02:00 Flex,Flash