The SWFSCAN download link on HP site seems to be broken. Where can I download another copy?





Parents Reply
  • SWFScan is many years old (2009) and was a one-off, proof-of-concept freebie at the time of WebInspect 7.7.  Fortify Support might be able to track down an installer if requested, but the HP WebInspect product (currently version 10.30) includes SWFScan on its Tools menu.  Due to this bundlig, the SWFScan tool there identifies itself as being version 10.30 but has largely remained the same as ever in function.


    Shortly after SWFScan was released (2010?), its functionality was folded inside the WebInspect dynamic scanner, and the tool itself was added to the Tools menu inside WebInspect.  So since that time, the WebInspect scan runs the SWFScan engine behind the scenes on any SWF files encountered during the dynamic scan.  The SWF file is downloaded and decompiled in real-time and any static Flash vulnerabilities found are included in the scan's results.  This is the source of several of the WebInspect checks named with "Flash" that you may find after a scan or inside the Policy Manager tool's Search function.


    As an olive branch, I have added the last SWFScan MSI file that I have (1.0) plus some of the documentation that came out with its release.