Keeping an Eye on Adobe Flash Security Means Catching Common Programming Errors | eWeek

Keeping an Eye on Adobe Flash Security Means Catching Common Programming Errors

Écrit par
Brian Prince
Brian Prince
Feb 8, 2009
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

With hackers increasingly targeting Web 2.0 sites, knowing how to develop secure Adobe Flash applications can be a difference maker when it comes to avoiding mass compromises.

It is not surprising then that some are calling for developers to pay closer attention to Flash security. IBM, for example, just enhanced its AppScan tool to add the ability to test and scan Flash applications.

At the ShmooCon 2009 conference in Washington, D.C., Hewlett-Packard’s Prajakta Jagdale used her presentation Feb. 7 to focus on common vulnerabilities in Flash applications. In her research, Jagdale found that many developers leave, for example, uninitialized variables that leave applications open to cross-site scripting.

But as she noted in an interview prior to the conference, many of the common security holes-from input validation to having user name passwords hard-coded inside of the client code-are not exclusive to Flash.

“These are the general principles that are security principles that are applicable to any sort of technology language,” said Jagdale, research engineer with the HP Web Security Research Group.

Earlier this year, the SANS Institute teamed with a number of experts to produce a list of the top 25 most dangerous programming errors. That effort involved people from more than 30 organizations, including Symantec, McAfee and Microsoft.

The idea was that publicizing a list of the most common problems will cause buyers to exert more pressure on software vendors to certify that their code is free from those errors.

The certification, the authors contend, would put responsibility for the errors and any damage they cause in the hands of the software vendor.

“There appears to be broad agreement on the programming errors,” SANS Institute Director Mason Brown said at the time in a prepared statement. “Now it is time to fix them. First we need to make sure every programmer knows how to write code that is free of the Top 25 errors, and then we need to make sure every programming team has processes in place to find, fix, or avoid these problems and has the tools needed to verify their code is as free of these errors as automated tools can verify.”

Whether or not buyers actually start to put pressure on vendors, avoiding common mistakes like the ones on the list or those mentioned by Jagdale protects us all in the long run. Certainly, there is no shortage of sources out there for information regarding best practices. Adobe, for example, offers a number of resources for developers looking for guidance on creating secure applications, Jagdale noted.

“All these recommendations are provided by the vendor … and whenever developers start developing any applications they should make sure they read the recommendations there,” she said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.