Hewlett-Packard (HP) has released a free tool named HP SWFScan, which according to the company, can help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.
HP SWFScan helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods. One example of these are for example xss -vulnerabilities (cross site scripting). The tool guides developers on fixing found vulnerabilities in source code so that those get fixed according to best security practices.
"Flash developers often create an unintentional vulnerability by encoding access information such as passwords, encryption keys or database information directly into their applications," states HP.
HP analyzed almost 4,000 web applications developed with Flash. 35 percent of these contained things that violate Adobe security best practices.
Related press release can be read here.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment