Security Information Vulnerability Research Security Blog

network scanners and flash

August 22nd, 2009 by dmitryc, Filed under: Commentary

So, obviously, network and application scanners are targeting flash ‘.swf’ (swiff) files.  These scanners decompile and then do static analysis on the code.  Very cool stuff.  There are several that I know of that are handling swiff code in this manner.

1) SWFScan  (sorry for linking to a forum search, but there is no nice clean URI for this product)

2) Ratproxy which uses  Flare

If I had the time, I’d like to see how these automated scanners handle malformed swiff files (hack-a-hack attacks).

A quick question for those more familiar with flash security tools: is there an open source lib for decompiling flash swiff files?  Comment here or shoot me an email at dmitry.chan@gmail.com

Peace,

!Dmitry

DiggRedditSlashdotTwitThisSphinnStumbleUpondel.icio.usFacebookGoogleTechnoratiE-mail this story to a friend!

-

Let the experts make sure your website is safe. Vulnerability Assessment is the answer.

Comments are closed.

Security RSS Subscribe


Vulnerability Scanner