[Owasp-testing] HP today announced HP SWFScan

Stefano Di Paola wisec at wisec.it
Fri Apr 3 12:41:01 EDT 2009


Guys, 

@Eoin:
I'd say that SWFScan is a good decompiler (finally for free) for AS3
but:
- It seems to have some issues in decompiling non-Flex-compiled ActionScript
  2/3 (Example: http://www.aflax.org/aflax.zip ), so it's better to
  continue using flare when possible.
- About the "static analysis" feature of SWFScan, it's not perfect, like
  every static analysis tool, so the best is doing it by hand.
  (Example: http://www.longtailvideo.com/players/jw-flv-player/)
      if(this._config.playerId)
      {
          Security.allowDomain(URLUtil.pageUrl);
      }
  is not alerted... (too complex!)


as a side note, it seems HP is a bit wayward in giving credits about the
underlying theory in Flash issues...but everyone knows, it's quite
common ;)

@Matteo G.P. Flora:
No, it's different!... the one from HP has 9 little neurons,
ours has an innumerable continuous space of Real Numbers of them :P

@s4tan:
Minded Security is so ahead that we chose such a nice logo that also in
the past everyone copied us! :P

Cheers,
Stefano

On Fri, 03/04/2009 at 12.36 +0200, Matteo G.P. Flora wrote:
> Eoin wrote:
> > https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf
> > Not sure if it is any good. Matteo &  folks @ Minded Security and
> > thoughts on this one?
> 
> Am I the only paranoid bastard who sees an astounding similarity between
> the logo on the HP page and Minded Security's logo?
> 
> cfr:
> [1] http://www.mindedsecurity.com/
> [2]
> https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/images/G8560009032008-landing2.jpg
> 
> M.


Stefano Di Paola
Chief Technology Officer, Lead Auditor ISO 27001
Minded Security - Application Security Consulting

Email: stefano.dipaola [at] mindedsecurity.com

Minded Security S.r.l.
Via Duca D'Aosta, n.20 50129 Firenze (FI)
www.mindedsecurity.com
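
An added example, not part of the original message and not SWFScan's logic: a small review aid for the manual pass described above, which lists every Security.allowDomain / allowInsecureDomain call in decompiled ActionScript and marks arguments that are computed at runtime, such as URLUtil.pageUrl. The function names and the SAMPLE source are constructed for illustration.

```python
import re

# Calls that widen the Flash cross-domain trust boundary.
CALL = re.compile(r'\bSecurity\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(')
STRING_LITERAL = re.compile(r'''^(["'])([^"']*)\1$''')

def classify(arg):
    """wildcard / literal / dynamic (dynamic = value only known at runtime)."""
    m = STRING_LITERAL.match(arg)
    if not m:
        return "dynamic"
    return "wildcard" if m.group(2) == "*" else "literal"

def find_allow_domain(src):
    """Return (line, call, argument, class) for each argument of each call."""
    findings = []
    for m in CALL.finditer(src):
        args, cur, depth, quote = [], "", 0, None
        for ch in src[m.end():]:          # walk to the matching ')'
            if quote:
                if ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch == "(":
                depth += 1
            elif ch == ")":
                if depth == 0:
                    break
                depth -= 1
            elif ch == "," and depth == 0:  # top-level argument separator
                args.append(cur.strip())
                cur = ""
                continue
            cur += ch
        if cur.strip():
            args.append(cur.strip())
        line = src.count("\n", 0, m.start()) + 1
        findings += [(line, m.group(1), a, classify(a)) for a in args]
    return findings

# Constructed sample; the conditional call is the snippet quoted in the message.
SAMPLE = '''\
Security.allowDomain("*");
Security.allowDomain("cdn.example.com");
if(this._config.playerId)
{
    Security.allowDomain(URLUtil.pageUrl);
}
'''

if __name__ == "__main__":
    for line, call, arg, kind in find_allow_domain(SAMPLE):
        print(f"line {line}: {call}({arg}) -> {kind}")
```

Entries marked dynamic still need the by-hand data-flow check, since the script does not trace where the value comes from.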



