
Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

djtechnocrat
Acclaimed Contributor

Overall, the tool is pretty good. But it missed a couple of issues that were detected manually during a recent assessment.


1) External XML loading (via URL in configpath) - not sure this is detectable via static analysis?


2) Security.allowDomain() issues - Security.allowDomain("*") and Security.allowInsecureDomain("*")

1 REPLY
markpainter
Occasional Contributor

Re: Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

That is a known bug. At this time, we do not have any plans on releasing an additional version (although that might change). We are fixing these assessment issues in WebInspect, though.
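For the second item in the original post, a manual check over decompiled ActionScript can cover the gap. The following is an added example, not part of the thread and not code from SWFScan or WebInspect; it assumes the SWF has already been decompiled to source text, and the function names and sample source are constructed for illustration.

```python
import re

# Security.allowDomain(...) / Security.allowInsecureDomain(...) with its raw argument list.
CALL_RE = re.compile(r"\bSecurity\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(([^)]*)\)")
# String literals (kept) or comments (blanked), matched in one pass so that
# "//" inside a string such as "http://host" is not mistaken for a comment.
TOKEN_RE = re.compile(r'''("(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')|/\*.*?\*/|//[^\n]*''', re.S)
LITERAL_RE = re.compile(r"""^(["'])(.*)\1$""")

def strip_comments(source):
    """Blank out comments, preserving newlines so line numbers stay valid."""
    def repl(m):
        return m.group(1) if m.group(1) else re.sub(r"[^\n]", " ", m.group(0))
    return TOKEN_RE.sub(repl, source)

def find_domain_grants(source):
    """Return (line, method, verdict) for calls that need attention.

    verdict is "wildcard" when any argument is the literal "*", or "dynamic"
    when an argument is not a string literal and has to be traced by hand.
    """
    code = strip_comments(source)
    findings = []
    for m in CALL_RE.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        args = [a.strip() for a in m.group(2).split(",") if a.strip()]
        literals = [LITERAL_RE.match(a) for a in args]
        if any(l and l.group(2).strip() == "*" for l in literals):
            findings.append((line, m.group(1), "wildcard"))
        elif any(l is None for l in literals):
            findings.append((line, m.group(1), "dynamic"))
    return findings

# Constructed sample of decompiled ActionScript (not taken from any real SWF).
SAMPLE = '''\
package {
  import flash.system.Security;
  public class Player {
    public function Player() {
      // Security.allowDomain("*");  commented out, must not be reported
      Security.allowDomain("*");
      Security.allowInsecureDomain('*');
      Security.allowDomain("static.example.com", "*");
      Security.allowDomain("cdn.example.com");
      Security.allowDomain(loaderInfo.parameters.host);
    }
  }
}
'''

if __name__ == "__main__":
    for line, method, verdict in find_domain_grants(SAMPLE):
        print(f"line {line}: Security.{method} -> {verdict}")
```

Reporting the "dynamic" verdict is a choice made in this example: a source-level check cannot tell what a run-time value resolves to, so those calls are listed for manual review instead of being silently passed.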
