•  
  •  

Security Soapbox – Decompile Flash/Flex

Having built/architected/developed/consulted many Adobe Flex applications and being one of the first certified Flex instructors in the world, I’ve seen a lot of Flex applications. Some good, some bad.

But no matter how many applications or who I’m talking to, I always stress the importance of securing proprietary information. By securing, I mean don’t put it in your application. Unless your are encrypting your application and decrypting at runtime, you are subject to a decompiler exposing your secrets.

There are Flash decompilers that will take any SWF and give you the source:
Trillix Flash Decompiler is one of the best commercial tools I’ve found.
I’ve even seen guys decompile, make changes and then recompile a Flex app. This is scary! Say goodbye to licensing software in Flash.

But HP just released a tool that has caught my eye as well. (Note: I have not tested this tool) It claims to decompile and test for security weaknesses. It’s called SWFScan and it’s a free Windows based tool from HP.

If security in a Flex or Flash based application is a concern for you, you must look at these tools. If security is not your concern, look anyway.

About Rob Rusher

In his role as Principal Consultant for On3, Rob leads an software development practice to help his clients build rich Internet applications for the desktop, browser, and mobile devices, and to rapidly increase their knowledge and skills to better support their organization's goals. Rob is an Adobe Certified Expert, Community Professional, and Certified Instructor. He has taught and mentored the technical teams at HP, Overstock, Paychex, SAS, the FedEx, and other Government and Fortune 100 organizations. Rob has co-authored four best-selling books on building secure, cutting-edge and rapidly developed applications using Adobe AIR, ColdFusion and Flex. He is very active in organizing and speaking at RIA, Adobe LiveCycle, mobile conferences, and user groups. In addition to growing his software consulting practice, On3, Rob has been building expertise in rich client application development on a wider variety of devices and platforms that extend the applications to change the way we all create and live.