Press Release: March 23, 2009

HP Offers Free Web Security Tool to Help Businesses Guard Against Malicious Hackers

PALO ALTO, Calif., March 23, 2009

HP today announced HP SWFScan, a free tool to help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.

As companies modernize their applications to give users a better experience online, they are moving to Web 2.0 technologies, including the Adobe® Flash® Platform. With Adobe Flash Player installed on more than 98 percent of Internet-connected PCs worldwide, it is imperative that web applications built with Flash technology are developed securely.

HP SWFScan allows Flash developers to deliver more secure code without becoming security experts. The tool is the first of its kind to decompile applications developed with the Flash Platform and perform static analysis to understand their behaviors. This helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods.

With HP SWFScan, Flash developers can:

  • Check for known security vulnerabilities that are targeted by malicious hackers. This includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated.
  • Fix problems quickly by highlighting vulnerabilities in the source code and receiving solid guidance on how to fix the security issues.
  • Verify conformance with best security practices and guidelines.

“The Adobe Flash Platform is being used more and more by large media companies and for business-critical applications. We are working with HP to make sure developers have tools to help secure content and keep customers safe,” said Brad Arkin, product security and privacy director, Secure Software Engineering Team, Adobe. “We worked with HP on their SWFScan tool, which will help Flash developers find potential security issues early in the development process so they can understand and prevent problems before web applications are ever deployed.”

Find, fix and prevent security vulnerabilities

An example of the types of security vulnerabilities HP SWFScan can prevent is leaving confidential information accessible to hackers. Flash developers often create an unintentional vulnerability by encoding access information such as passwords, encryption keys or database information directly into their applications. This video demonstrates how hackers can exploit this vulnerability.

HP analyzed almost 4,000 web applications developed with Flash software and found that 35 percent violate Adobe security best practices. Hackers can exploit this situation to circumvent security measures and gain unfettered access to sensitive information. HP SWFScan helps developers find and correct these problems before they become an issue.

“Applications developed with Flash technologies are no more immune to security vulnerabilities than any other web applications,” said Joseph Feiman, vice president and fellow, Gartner. “Giving Flash developers the ability to check whether their code is secure, providing guidance on how to fix it, and offering best secure-programming practices will help to protect businesses and their customers from hackers.”

The HP Web Security Research Group, which developed SWFScan, includes many renowned experts in the security field. The group tracks web-related security threats and develops new technology to help IT professionals eliminate application security vulnerabilities. The results of the group’s research are incorporated into HP Application Security Center, a suite of products that allows customers to find, fix and prevent these vulnerabilities across the application life cycle.

HP Application Security Center includes the HP Assessment Management Platform as the foundation of the solution, and features HP DevInspect software for developers, HP QAInspect software for quality assurance teams and HP WebInspect software for operations and security experts.

“As organizations modernize their applications with Web 2.0 technology, they must be vigilant about preventing malicious hacker attacks and eliminating software defects of a security nature,” said Jonathan Rende, general manager and vice president, Products, Software and Solutions, HP. “HP continues to help make the web a safer place by turning our security research into solutions for customers to protect their applications, their websites and their sensitive information.”

A free download of HP SWFScan is available at

About HP

HP, the world’s largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure. More information about HP (NYSE: HPQ) is available at

Adobe is a trademark of Adobe Systems Incorporated.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance or market share relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include macroeconomic and geopolitical trends and events; the execution and performance of contracts by HP and its customers, suppliers and partners; the achievement of expected operational and financial results; and other risks that are described in HP’s filings with the Securities and Exchange Commission, including but not limited to HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2008. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Editorial contacts:

Jean Kondo, HP:

Julie Metting, Burson-Marsteller for HP:

About HP

HP Inc. creates technology that makes life better for everyone, everywhere. Through our portfolio of printers, PCs, mobile devices, solutions, and services, we engineer experiences that amaze. More information about HP Inc. is available at