HP's SWFScan free tool has been released to help Flash developers protect their Web sites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.
According to HP, companies are turning to web 2.0 technologies and Adobe Flash platforms to develop their online applications. HP points out that globally more than 98% of Internet-connected PCs use Flash.
Jonathan Rende, general manager and vice-president for products, software and solutions, HP, says companies developing Web 2.0 applications need to be vigilant about preventing hacker attacks and eliminating software defects.
HP SWFScan allows Flash developers to deliver more secure code without becoming security experts. The software tool can identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods.
Brad Arkin, product security and privacy director, secure software engineering team, Adobe, says: “We worked with HP on their SWFScan tool, which will help Flash developers find potential security issues early in the development process so they can understand and prevent problems before Web applications are ever deployed.”
An example of the types of security vulnerabilities HP SWFScan can prevent is leaving confidential information accessible to hackers. According to HP, Flash developers may create an unintentional vulnerability by encoding access information such as passwords, encryption keys or database information directly into their applications.
HP analysed almost 4 000 Web applications developed with Flash software and found that 35% violate Adobe security best practices. Hackers can exploit this situation to circumvent security measures and gain unfettered access to sensitive information.
Gartner vice-president, Joseph Feiman: “Applications developed with Flash technologies are no more immune to security vulnerabilities than any other Web applications. Giving Flash developers the ability to check whether their code is secure, providing guidance on how to fix it, and offering best secure programming practices will help to protect businesses and their customers from hackers.”
Related stories:
The network smartens up
IT biggest culprit for energy wastage
HP keeps an ye on Africa
ICT integration boosts efficiency
Share
