[Owasp-testing] HP today announced HP SWFScan
Stefano Di Paola
wisec at wisec.it
Sun Apr 5 05:46:07 EDT 2009
Oops errata corrige,
it's not jw_player that has
but flow player:
Il giorno ven, 03/04/2009 alle 18.41 +0200, Stefano Di Paola ha scritto:
> I'd say that SWFScan is a good decompiler (finally for free) for AS3
> - It seems has some issue in decompiling non Flex compiled ActionScript
> 2/3 (Example http://www.aflax.org/aflax.zip ) so it's better
> continue using flare when possible.
> - About the "static analysis" feature of SWFScan, it's not perfect as
> every static analysis tool, so the best is doing it by hand.
> (Example: http://www.longtailvideo.com/players/jw-flv-player/)
> is not alerted..(too complex!)
> as a side note, it seems HP is a bit wayward in giving credits about the
> underlying theory in Flash issues...but everyone knows, it's quite
> common ;)
> @Matteo G.P. Flora:
> No it's different!... the one from HP has 9 little neurons,
> ours has an unnumerable continuous space of Real Number of them :P
> Minded Security is soo ahead that we choose a so nice logo that also in
> the past everyone copied us! :P
> Il giorno ven, 03/04/2009 alle 12.36 +0200, Matteo G.P. Flora ha
> > Eoin wrote:
> > > https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf
> > > Not sure if it is any good. Matteo & folks @ Minded Security and
> > > thoughts on this one?
> > Am I the only paranoid bastard who see an astounding similarity between
> > the logo on the HP page and Minded Security's logo?
> > cfr:
> >  http://www.mindedsecurity.com/
> > 
> > https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/images/G8560009032008-landing2.jpg
> > M.
Stefano Di Paola
Chief Technology Officer, Lead Auditor ISO 27001
Minded Security - Application Security Consulting
Minded Security S.r.l.
Via Duca D'Aosta, n.20 50129 Firenze (FI)
More information about the Owasp-testing