network scanners and flash
August 22nd, 2009 by dmitryc, Filed under: Commentary
So, obviously, network and application scanners are targeting Flash ‘.swf’ (swiff) files. These scanners decompile and then do static analysis on the code. Very cool stuff. There are several that I know of that are handling swiff code in this manner.
1) SWFScan (sorry for linking to a forum search, but there is no nice clean URI for this product)
If I had the time, I’d like to see how these automated scanners handle malformed swiff files (hack-a-hack attacks).
A quick question for those more familiar with Flash security tools: is there an open source lib for decompiling Flash swiff files? Comment here or shoot me an email at dmitry.chan@gmail.com
Peace,
!Dmitry
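
An added example, not code from the original post or from any scanner it mentions: the container checks a tool would want to pass before decompiling, so a malformed .swf is rejected instead of trusted. It covers only the FWS and zlib-compressed CWS signatures; `MAX_BODY`, `read_swf_tags` and `sample_swf` are names assumed here, and the sample movie is constructed.

```python
import struct
import zlib

MAX_BODY = 16 * 1024 * 1024  # assumed cap on the uncompressed body, not a SWF limit

class MalformedSWF(ValueError): pass

def need(body, pos, n, what):
    if n > len(body) - pos:
        raise MalformedSWF("%s needs %d bytes at offset %d" % (what, n, pos))

def read_swf_tags(data, max_body=MAX_BODY):
    """Return (version, [(tag_code, length), ...]) or raise MalformedSWF."""
    if len(data) < 8:
        raise MalformedSWF("shorter than the 8-byte header")
    sig, version = data[:3], data[3]
    declared = struct.unpack_from("<I", data, 4)[0]  # file length AFTER decompression
    if sig not in (b"FWS", b"CWS"):
        raise MalformedSWF("unknown signature %r" % sig)
    if not 8 < declared <= max_body + 8:
        raise MalformedSWF("declared length %d out of range" % declared)
    body = data[8:]
    if sig == b"CWS":
        try:  # cap output one byte past the claim so an oversized stream is detected
            body = zlib.decompressobj().decompress(body, declared - 8 + 1)
        except zlib.error as exc:
            raise MalformedSWF("bad zlib stream: %s" % exc)
    if len(body) != declared - 8:
        raise MalformedSWF("body is %d bytes, header claims %d" % (len(body), declared - 8))
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8  # RECT: 5-bit Nbits, then four Nbits fields
    need(body, pos, 4, "frame rate and count")
    pos, tags = pos + 4, []
    while not tags or tags[-1][0] != 0:  # tag code 0 is End
        need(body, pos, 2, "tag header")
        code_len = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = code_len >> 6, code_len & 0x3F, pos + 2
        if length == 0x3F:  # long form: the real length follows as a u32
            need(body, pos, 4, "long tag length")
            length, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        need(body, pos, length, "tag %d body" % code)
        tags.append((code, length))
        pos += length
    return version, tags

def sample_swf(compress=False):
    """Constructed 22-byte movie: SetBackgroundColor, ShowFrame, End."""
    body = b"\x00" + b"\x00\x0c\x01\x00"  # empty RECT, 12 fps, 1 frame
    body += struct.pack("<H", (9 << 6) | 3) + b"\xff\xff\xff" + struct.pack("<HH", 1 << 6, 0)
    head = (b"CWS" if compress else b"FWS") + b"\x09" + struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compress else body)
```

Every length field is checked against the bytes actually present before it is used, which is the property to test a scanner's own parser for.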



