Re: How to scan Flash application protected by a login ? (153 Views)
Reply
Occasional Visitor
rakumar2hp
Posts: 1
Registered: ‎04-03-2009
Message 1 of 2 (153 Views)

How to scan Flash application protected by a login ?

How do we scan flash applications protected by a login ? Does Swfscan support/have something like a login macro/script that can be used to direct the tool to scan the actual application ? I have been to the settings and do not find anything related.When I try to enter the url of the Flash applicaiton, it complains malformed flash application.(The URL, if entered in a browser redirects to a login page and once valid credentials are submitted takes us to the actual flash application.


Also are the features of SWFScan integrated to WebInspect 8.0 ?

Please use plain text.
Respected Contributor
HansEnders
Posts: 581
Registered: ‎07-01-2008
Message 2 of 2 (153 Views)

Re: How to scan Flash application protected by a login ?

You are correct, SWFScan does not support authentication.  It expects to have unhindered access to the target SWF file.

SWFScan is a prototype tool developed by our Web Security Research
Group as a showcase of our technology innovation. With the release of
the tool we wanted to share with the industry the incredible
advancements of our research team and help move the market forward.
WebInspect 8.0 has some of these abilities – it can statically analyze,
find vulnerabilities in, and report on the more current
versions of Flash which companies use to build complex rich internet
applications on including those with business logic. This is in
contrast to the previous Flash versions (v8 and earlier) which were
primarily used by marketing teams for content delivery, which are still
supported with WebInspect’s previous abilities from 7.7.


-- Habeas Data
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation