SWFScan

Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

Occasional Visitor

Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

Overall, the tool is pretty good. But it missed a couple of issues that were detected manually during a recent assessment.


1) External XML loading (via URL in configpath) - not sure this is detectable via static analysis?


2) Security.allowDomain() issues - Security.allowDomain("*") and Security.allowInsecureDomain("*")

1 REPLY
Occasional Advisor

Re: Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

That is a known bug. At this time, we do not have any plans on releasing an additional version (although that might change). We are fixing these assessment issues in WebInspect, though.
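
A static check for the second issue raised in this thread, as an added example that is not part of the original posts and is not SWFScan or WebInspect code. It assumes the SWF has already been decompiled to ActionScript source text; the function names and the sample source are constructed for illustration.

```python
import re

# Security.allowDomain(...) / Security.allowInsecureDomain(...), capturing the argument list.
CALL_RE = re.compile(r'\bSecurity\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(([^)]*)\)')
# String literals are matched first so that "//" inside a URL string is not taken for a comment.
STRIP_RE = re.compile(r'("(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\')|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out comments, keeping strings and newlines so line numbers stay valid."""
    def repl(m):
        return m.group(1) if m.group(1) else re.sub(r'[^\n]', ' ', m.group(0))
    return STRIP_RE.sub(repl, src)

def find_wildcard_grants(src):
    """Return (line, method, kind) for each risky cross-domain grant.

    kind is 'wildcard' for a literal "*" argument, or 'dynamic' when the
    argument is not a string literal and needs manual review.
    """
    findings = []
    code = strip_comments(src)
    for m in CALL_RE.finditer(code):
        line = code.count('\n', 0, m.start()) + 1
        for arg in (a.strip() for a in m.group(2).split(',')):
            if arg in ('"*"', "'*'"):
                findings.append((line, m.group(1), 'wildcard'))
            elif arg and arg[0] not in '"\'':
                findings.append((line, m.group(1), 'dynamic'))
    return findings

# Constructed sample of decompiled ActionScript 3 (not taken from any real application).
SAMPLE = '''package {
    import flash.system.Security;
    public class Main {
        public function Main() {
            // Security.allowDomain("*"); disabled
            Security.allowDomain("*");
            Security.allowInsecureDomain('*');
            Security.allowDomain("static.example.com", partnerHost);
            /* Security.allowDomain("*") */
        }
    }
}'''

if __name__ == '__main__':
    for line, method, kind in find_wildcard_grants(SAMPLE):
        print(f'line {line}: Security.{method}() {kind} argument')
```

Calls that only appear inside comments are ignored, and a non-literal argument is reported as `dynamic` because its value cannot be resolved from the source text alone.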