Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Rapid7 Adds Dynamic Flash Analysis to NeXpose

Rapid7, a Boston-based provider of vulnerability management and penetration testing solutions, today announced that its NeXpose product now provides full Adobe® Flash decompilation and analysis support. With the new feature, Rapid7’s Web application scanning goes beyond basic Flash support with the ability to discover more vulnerabilities and improve intelligence in Flash analysis.

Rapid7, a Boston-based provider of vulnerability management and penetration testing solutions, today announced that its NeXpose product now provides full Adobe® Flash decompilation and analysis support. With the new feature, Rapid7’s Web application scanning goes beyond basic Flash support with the ability to discover more vulnerabilities and improve intelligence in Flash analysis.

Rapid 7 NetExposeAdobe’s Flash player has been an increasingly attractive target for malicious hackers, and while many vulnerability scanners do check Flash player security, most are unable to provide the deep inspection of Flash applications that run in the environment, leaving both clients and servers unprotected from many dangerous security issues, including remote hijacking, SQL injections and malicious SWF files.

Rapid7’s support for Web application Flash content enables NeXpose 4.10.4 users to conduct vulnerability scans that provide a deeper level of analysis on all websites and discover more vulnerabilities. This protects both the consumer of the website against XSS attacks, as well as the hosts of the website against other vulnerabilities. The new capability enables Rapid7 users to analyze Flash forms, which can uncover more potential injection points in the application, information disclosures and coding mistakes. For example, users can now find pages only linked from Flash menus, discover hard-coded credentials in Flash elements and analyze HTTP POST requests in Flash forms for injection vulnerabilities.

“As companies face increasing Web application attacks today, especially with Adobe Flash and its excessive risks, it has remained our goal to stay ahead and proactively offer a broad range of Web security best practices, including solutions for NeXpose and Metasploit,” said Mike Tuchen, president and CEO, Rapid7.

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.