HP tool checks Flash apps for common security flaws
by Stephen Withers   
Tuesday, 24 March 2009
A new free tool from Hewlett-Packard tests Flash applications for a variety of security vulnerabilities.

Flash is - for better or worse - becoming an increasingly common part of corporate and media web sites as their operators seek to step up levels of interactivity.

Generalisations are always dangerous, but it's probably fair to say that the typical Flash developer doesn't have a background that would lead him or her to keep security in mind while producing an application.

"As organizations modernize their applications with Web 2.0 technology, they must be vigilant about preventing malicious hacker attacks and eliminating software defects of a security nature," said Jonathan Rende, HP's general manager and vice president, products, software and solutions.

Developed by HP's web security research group, the free SWFScan utility decompiles Flash applications and carries out static analysis to identify potentially dangerous practices.

It then provides guidance on fixing the problems detected, highlighting the relevant part of the source code.

Examples of the issues detected by SWFScan include unprotected confidential data (e.g. hard-coded passwords, encryption keys or database information), cross-site scripting, cross-domain privilege escalation, and non-validated user input.

"The Adobe Flash Platform is being used more and more by large media companies and for business-critical applications. We are working with HP to make sure developers have tools to help secure content and keep customers safe," said Brad Arkin, product security and privacy director, Secure Software Engineering Team, Adobe.

"We worked with HP on their SWFScan tool, which will help Flash developers find potential security issues early in the development process so they can understand and prevent problems before web applications are ever deployed," he added.

SWFScan can be downloaded from HP's web site.