Today Flash is the de facto standard for developing interactive and rich web-based applications. It even comes installed on every new computer (it’s part of the Windows XP installation). That’s what makes Flash applications a perfect target for client-side attacks.
So what exactly makes Flash a potential security threat? Its features. Flash applications can execute JavaScript when embedded in an HTML page, forge binary requests and HTTP requests, execute external Flash movies, and much more. And let us not forget the multiple vulnerabilities recently discovered.
SWFIntruder is a free utility developed for analyzing and testing the (in)security of Flash applications at runtime. It aims at finding potential security flaws, such as Cross Site Scripting and Cross Site Flashing, in Flash applications using several methodologies.
SWFIntruder was developed using a mixture of ActionScript and JavaScript, resulting in a tool that takes advantage of the best features of both technologies for analyzing and interacting with the Flash applications under test.
If you like Flash (just like us), but also fear for your computer security, take a look at our short guide on Flash privacy and security settings.