So, obviously, network and application scanners are targeting Flash ‘.swf’ (swiff) files. These scanners decompile and then do static analysis on the code. Very cool stuff. There are several that I know of that are handling swiff code in this manner.
1) SWFScan (sorry for linking to a forum search, but there is no nice clean URI for this product)
If I had the time, I’d like to see how these automated scanners handle malformed swiff files.
A quick question for those more familiar with Flash security tools: is there an open source lib for decompiling Flash swiff files? Comment here or shoot me an email at dmitry.chan@gmail.com
Peace,
!Dmitry