With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the first tool specifically developed for analyzing and testing security of Flash applications at runtime.
- Basic predefined attack patterns.
- Highly customizable attacks.
- Highly customizable undefined variables.
- Semi automated XSS check.
- User configurable internal parameters.
- Log Window for debugging and tracking.
- History of latest 5 tested SWF files.
- ActionScript Objects runtime explorer in tree view.
- Persistent Configuration and Layout.
SWFIntruder was developed by using only open source software. Thanks to its generality, SWFIntruder is OS independant.
You can download SWFIntruder here:
Or read more here.