Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • IT Management

    IBM Targets Adobe Flash Vulnerabilities with New Tool

    By
    BRIAN PRINCE
    -
    February 4, 2009
    Share
    Facebook
    Twitter
    Linkedin

      IBM Rational has updated its AppScan tool to offer developers a helping hand in finding vulnerabilities in their Adobe Flash applications.

      With AppScan Standard Edition 7.8, IBM has added the ability to not only test and scan Flash apps but also SOA (service oriented architecture) applications and AJAX technology.

      The enhancements come as hackers continue to target Web 2.0 sites with their wares. According to research by IBM’s X-Force, more than half of all vulnerabilities disclosed last year were tied to Web applications, and of those, more than 74 percent had no patch.

      “As business move to more dynamic, personalized Web presences [that are] enabled via Web 2.0 and SOA technologies, there is a need to be more vigilant in managing compliance and security vulnerabilities,” said David Grant, director of security and compliance solutions, IBM Rational. “In particular, Adobe Flash, which is now present on 98 percent of desktops, introduces new security and compliance risks.”

      The new AppScan tool tests for a number of vulnerabilities in Flash and Flex applications, including cross-site flashing, cross-site scripting, Flash parameter injection and misconfiguration. With Flash files, AppScan first determines all the entry points, such as flash variables, query string parameters and uninitiated global variables, and locates potentially dangerous code. It then mutates the input values to determine whether the Flash files are vulnerable, explained David Allan, director of security research at IBM Rational.

      “For Flex applications, AppScan will parse the ActionScript Message Format (AMF) and apply tuned payloads to uncover vulnerabilities such as SQL injection, buffer overflows and session fixation,” he said. “Lastly, AppScan will also look at the server configuration…to determine if there are overly permissive settings that may allow an attacker to compromise the application.”

      IBM has also built in new risk assessment capabilities with the inclusion of CVSS (Common Vulnerability Scoring System) scores. They have also new production monitoring functionality in AppScan OnDemand to allow companies to find and fix problems more readily. Security alerts can also be sent to mobile devices as they occur, allowing customers to immediately fix vulnerabilities before they become noncompliant, IBM officials said.

      “What is different is the fact that we now have an offering for monitoring live production Web applications via a SAAS approach,” Grant explained. “Previously, organizations were reluctant to test live applications due to the potential of damage, but with this new offering we have eliminated that issue.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×