HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.
How SWFScan works and what vulnerabilities it finds?
* Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
* Identifies and reports insecure programming and deployment practices and suggests solutions.
* Enables you to audit third party applications without requiring access to the source code.
Which versions of Flash will HP SWFScan support?
All public versions of Flash as of this writing. In other words, up to and including Flash 10, though as long as SWF uses ActionScript 2 or ActionScript 3 SWFScan should continue to work.
Can I load Flash applications from the Internet?
Yes. Specify the URL of the SWF file to be scanned and click ‘Get’.