Flash has become a de-facto standard for Web applications, yet most
vulnerability management solutions don't do a very good job verifying Flash
content. This is surprising, especially since 98% of workstations have the Adobe
Flash player installed, according to an Adobe study. The Flash player itself can
contain unpatched vulnerabilities, which most scanners already detect. However,
most scanners completely ignore the actual Flash applications and its
interactions with the back-end servers.