Hewlett-Packard
AMSTELVEEN, 23 March 2009 - HP announces HP SWFScan, a free web tool
for Flash developers to protect their websites against hackers and
data leaks.
HP SWFScan helps developers write more secure code. It is the first
tool that decompiles Flash applications and performs static analysis
to understand the behavior of the applications. In this way,
vulnerabilities beneath the surface of applications, which cannot be
discovered with traditional dynamic methods, can still be identified.
An example of a data leak is that Flash developers often
unintentionally encode access information, such as passwords and
encryption keys, in their applications. Billy Hoffman, co-founder of
SPI Dynamics, now part of HP, shows in this video how he can win
unlimited hamburgers by simply exploiting a vulnerability in Flash.
Many companies that are modernizing their applications are moving to
Web 2.0 technologies, including the Adobe® Flash® Platform. As a
result, Adobe Flash Player is now installed on more than 98 percent
of all PCs with an internet connection. It is therefore essential
that web applications built with Flash technology are secure.
With HP SWFScan, Flash developers can:
• Check for known irregularities that hackers look for, including
unprotected confidential information, cross-site scripting,
cross-domain privilege escalation and user input that is not
validated.
• Resolve problems quickly, with weaknesses highlighted in the
source code and advice on how to fix these security problems.
• Verify whether applications comply with security standards and
guidelines.
The program is available as a free download at www.hp.com/go/swfscan.
The remainder of the press release is in English
"The Adobe Flash Platform is being used more and more by large media
companies and for business-critical applications. We are working with
HP to make sure developers have tools to help secure content and keep
customers safe," said Brad Arkin, product security and privacy
director, Secure Software Engineering Team, Adobe. "We worked with HP
on their SWFScan tool, which will help Flash developers find potential
security issues early in the development process so they can
understand and prevent problems before web applications are ever
deployed."
Find, fix and prevent security vulnerabilities
An example of the types of security vulnerabilities HP SWFScan can
prevent is leaving confidential information accessible to hackers.
Flash developers often create an unintentional vulnerability by
encoding access information such as passwords, encryption keys or
database information directly into their applications. This video
demonstrates how hackers can exploit this vulnerability.
HP analyzed almost 4,000 web applications developed with Flash
software and found that 35 percent violate Adobe security best
practices. Hackers can exploit this situation to
circumvent security measures and gain unfettered access to sensitive
information. HP SWFScan helps developers find and correct these
problems before they become an issue.
"Applications developed with Flash technologies are no more immune to
security vulnerabilities than any other web applications," said Joseph
Feiman, vice president and fellow, Gartner. "Giving Flash developers
the ability to check whether their code is secure, providing guidance
on how to fix it, and offering best secure-programming practices will
help to protect businesses and their customers from hackers."
The HP Web Security Research Group, which developed SWFScan, includes
many renowned experts in the security field. The group tracks
web-related security threats and develops new technology to help IT
professionals eliminate application security vulnerabilities. The
results of the group's research are incorporated into HP Application
Security Center, a suite of products that allows customers to find,
fix and prevent these vulnerabilities across the application life
cycle.
HP Application Security Center includes the HP Assessment Management
Platform as the foundation of the solution, and features HP DevInspect
software for developers, HP QAInspect software for quality assurance
teams and HP WebInspect software for operations and security experts.
"As organizations modernize their applications with Web 2.0
technology, they must be vigilant about preventing malicious hacker
attacks and eliminating software defects of a security nature," said
Jonathan Rende, general manager and vice president, Products, Software
and Solutions, HP. "HP continues to help make the web a safer place by
turning our security research into solutions for customers to protect
their applications, their websites and their sensitive information."
A free download of HP SWFScan is available at www.hp.com/go/swfscan.
About HP
HP, the world's largest technology company, simplifies the technology
experience for consumers and businesses with a portfolio that spans
printing, personal computing, software, services and IT
infrastructure. More information about HP (NYSE: HPQ) is available at
http://www.hp.com/.