network scanners and flash
So, obviously, network and application scanners are targeting flash ‘.swf’ (swiff) files. These scanners decompile and then do static analysis on the code. Very cool stuff. There are several that I know of that are handling swiff code in this manner.
1) SWFScan (sorry for linking to a forum search, but there is no nice clean URI for this product)
If I had the time, I’d like to see how these automated scanners handle malformed swiff files (hack-a-hack attacks).
A quick question for those more familiar with flash security tools: is there an open source lib for decompiling flash swiff files? Comment here or shoot me an email at firstname.lastname@example.org