[Owasp-testing] HP today announced HP SWFScan

Stefano Di Paola wisec at wisec.it
Sun Apr 5 05:46:07 EDT 2009


Oops errata corrige, 
it's not jw_player that has
 Security.allowDomain(URLUtil.pageUrl);
but flow player:
http://flowplayer.org/download/index.html

Cheers,
Stefano

On Fri, 03/04/2009 at 18.41 +0200, Stefano Di Paola wrote:
> Guys, 
> 
> @Eoin:
> I'd say that SWFScan is a good decompiler (finally for free) for AS3
> but:
> - It seems to have some issues decompiling non-Flex-compiled ActionScript
>   2/3 (Example http://www.aflax.org/aflax.zip ) so it's better to
>   continue using flare when possible.
> - About the "static analysis" feature of SWFScan, it's not perfect, like
>   every static analysis tool, so the best is to do it by hand.
>   (Example: http://www.longtailvideo.com/players/jw-flv-player/)
>            if(this._config.playerId)
>             {
>                 Security.allowDomain(URLUtil.pageUrl);
>             }
>   is not alerted..(too complex!)
> 
> 
> as a side note, it seems HP is a bit wayward in giving credits about the
> underlying theory in Flash issues...but everyone knows, it's quite
> common ;)
> 
> @Matteo G.P. Flora:
> No, it's different!... the one from HP has 9 little neurons,
> ours has an innumerable continuous space of Real Numbers of them :P
> 
> @s4tan:
> Minded Security is soo ahead that we chose such a nice logo that also in
> the past everyone copied us! :P
> 
> Cheers,
> Stefano
> 
> On Fri, 03/04/2009 at 12.36 +0200, Matteo G.P. Flora wrote:
> > Eoin wrote:
> > > https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf
> > > Not sure if it is any good. Matteo & folks @ Minded Security, any
> > > thoughts on this one?
> > 
> > Am I the only paranoid bastard who sees an astounding similarity between
> > the logo on the HP page and Minded Security's logo?
> > 
> > cfr:
> > [1] http://www.mindedsecurity.com/
> > [2]
> > https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/images/G8560009032008-landing2.jpg
> > 
> > M.
> 
--
Stefano Di Paola
Chief Technology Officer, Lead Auditor ISO 27001
Minded Security - Application Security Consulting

Minded Security S.r.l.
Via Duca D'Aosta, n.20 50129 Firenze (FI)
www.mindedsecurity.com
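
An aid for the by-hand review mentioned in the thread, added here as an example (not code from the posters, SWFScan or flare): it lists every Security.allowDomain call in decompiled ActionScript text and marks whether the argument is a fixed string, the "*" wildcard, or a runtime expression such as the URLUtil.pageUrl case quoted above. The function names and the SAMPLE source are constructed for illustration.

```python
import re

# Security.allowDomain(...) or allowInsecureDomain(...), argument list captured.
# The lazy match stops at the first ')' that is followed by ';', so nested
# calls inside the argument list are kept whole.
CALL = re.compile(
    r'Security\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(([^;]*?)\)\s*;')
STRING = re.compile(r'''^(["'])(.*)\1$''')

def classify(args):
    """Return 'literal', 'wildcard' or 'dynamic' for an argument list."""
    values = []
    for part in args.split(','):
        m = STRING.match(part.strip())
        if not m:
            # Not a plain string literal: the trusted domain is chosen at
            # runtime, so a reviewer has to trace where the value comes from.
            return 'dynamic'
        values.append(m.group(2))
    return 'wildcard' if '*' in values else 'literal'

def audit(source):
    """List (line, function, argument text, class) for each call found."""
    findings = []
    for m in CALL.finditer(source):
        line = source.count('\n', 0, m.start()) + 1
        args = m.group(2).strip()
        findings.append((line, m.group(1), args, classify(args)))
    return findings

# Constructed sample; the conditional block mirrors the snippet in the thread.
SAMPLE = '''\
package {
    import flash.system.Security;
    public class Player {
        public function init():void {
            Security.allowDomain("static.example.com");
            Security.allowDomain("*");
            if(this._config.playerId)
            {
                Security.allowDomain(URLUtil.pageUrl);
            }
        }
    }
}
'''

if __name__ == '__main__':
    for line, func, args, kind in audit(SAMPLE):
        print(f'line {line}: Security.{func}({args}) -> {kind}')
```
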



