HP releasing free Flash security tool today
Monday, March 23, 2009
HP will release today a free tool for developers to check for security holes in their Flash applications.
Flash is one of the most common applications used for creating animation and games for Web 2.0, which security experts said needs better web security measures to protect against cyberattacks. Approximately 98 percent of internet-connected PCs worldwide have Flash players installed.
HP analyzed nearly 4,000 Flash web apps and found that 35 percent violate Adobe's security best practices. To help developers cut down on security holes, the HP SWFScan tool decompiles Flash applications and searches the code for vulnerabilities, according to HP's web security group.
The tool can scan for exposure of confidential information, cross-domain privilege escalation and Cross-Site Scripting (XSS). Also, the tool alerts developers if the application does not comply with Adobe's security best practices.
Microsoft last year asked HP to develop a tool to test for SQL injection vulnerabilities in applications for Microsoft's ASP platform, security experts said.
IBM has also released a tool that automatically scans Flash and Ajax-based applications for security flaws.
Adobe just issued a patch for a flaw in the Flash player that could allow a remote attacker to take control of a computer.
Related News:
Cyber criminals exposed medical records - 3.8.2010
More than 18,000 patients, whose medical information is stored on the computer systems of five doctors in Torrance, California, were potential victims of identity theft in September when cyber criminals penetrated the doctors' networks, according to the Los Angeles Times.
McAfee advises companies to boost web security relating to source code - 3.4.2010
At the RSA Conference, currently taking place in San Francisco, McAfee released a report indicating that companies regularly use too few web security protocols when protecting intellectual property such as source code.
False social networking attacks provides teachable moment for web security - 2.25.2010
A unique tool developed to prevent the spread of malware from social networking websites has been recommended Processor.com, a web and network security news provider.
With global web security under siege, exports point to problems - 2.25.2010
In 2009, Garlik, a United Kingdom-based web security company, reported a 207 percent increase in malware use to overtake bank accounts. Recent events have also shown vulnerability in corporate, private and governmental web security systems.
Kaspersky reports malware growing more sophisticated - 2.24.2010
Kaspersky, a web security provider, reported Wednesday that while there is very little growth in the amount of malware currently roaming the web, it is becoming more advanced and much harder to detect.
|
