OWASP SWFIntruder v0.9 : Flash Applications security assessment tool

SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing the security of Flash applications at runtime. It helps to find flaws in Flash applications using the methodology originally described by Stefano Di Paola in Testing Flash Applications (May 2007) and in Finding Vulnerabilities in Flash Applications (Nov 2007).

SWFIntruder's purpose is to analyze Flash applications built for version 8 or earlier and to help check, in a semi-automated fashion, for security issues such as Cross-Site Scripting and Cross-Site Flashing.

Moreover, it helps raise awareness of Flash application security and of how that can be used to assist in the security of applications.

Features

  • Basic predefined attack patterns.
  • Highly customizable attacks.
  • Highly customizable undefined variables.
  • Semi-automated XSS check.
  • User configurable internal parameters.
  • Log Window for debugging and tracking.
  • History of latest 5 tested SWF files.
  • ActionScript Objects runtime explorer in tree view.
  • Persistent configuration and layout.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

