Sla.ckers.org
SWFScan
Posted by: br0kan
Date: March 25, 2009 07:48AM

The HP AppSec group (*cough SPI Dynamics) released a Flash app. automated vuln. scanner last week. It's not a bad tool. It basically pulls down the Flash swf file, then it more or less reverse engineers the file before finally performing source code analysis on the disassembled code. Basically it combines Flasm with something like RATS. It's a lot simpler than it sounds.

You can download it here
https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf&jumpid=go/swfscan

Also if you're just experimenting with it, the IBM Rational test website (meant for IBM Rational AppScan) works pretty well... http://demo.testfire.com/vulnerable.swf

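The unpack-then-scan pipeline described in the post, reduced to its SWF container handling and a RATS-style lexical pass, as an added example that is not part of the original post and is not SWFScan's code. The watch list, function names and sample bytes are assumptions constructed here, and a plain byte search stands in for real disassembly.

```python
import struct
import zlib

# Assumed watch list (not SWFScan's rules): ActionScript names that commonly
# pass externally supplied data into a URL load or a script call.
WATCH = (b"getURL", b"loadMovie", b"loadVariables",
         b"ExternalInterface", b"allowDomain")

def swf_body(data):
    """Return (version, uncompressed body) of an FWS or CWS file."""
    if len(data) < 8:
        raise ValueError("too short for a SWF header")
    sig, version, length = struct.unpack("<3sBI", data[:8])
    if length <= 8:
        raise ValueError("declared length is not larger than the header")
    if sig == b"FWS":
        return version, data[8:length]
    if sig == b"CWS":
        # Everything after the 8-byte header is one zlib stream. Cap the
        # output at the declared size so a hostile file cannot exhaust memory.
        return version, zlib.decompressobj().decompress(data[8:], length - 8)
    raise ValueError("unsupported signature %r" % sig)

def scan(data):
    """Lexical pass: (file offset, name) for every watch-list name found."""
    version, body = swf_body(data)
    hits = []
    for name in WATCH:
        pos = body.find(name)
        while pos != -1:
            hits.append((pos + 8, name.decode()))  # offset in uncompressed file
            pos = body.find(name, pos + 1)
    return version, sorted(hits)

def make_sample(compressed):
    """Constructed input (not a playable movie): header plus two name strings."""
    body = b"\x00" * 4 + b"ExternalInterface\x00getURL\x00" + b"\x00" * 4
    head = (b"CWS" if compressed else b"FWS") + struct.pack("<BI", 8, 8 + len(body))
    return head + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    for flag in (False, True):
        print(scan(make_sample(flag)))
```

A hit only marks a name worth reviewing in the disassembly; whether untrusted input actually reaches it needs the data-flow step a real analyzer performs.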