This document was generated by Syhunt Mobile version 6.8.0.0.

Supported Languages

Language | Coverage Type
Objective-C, C & C++ (iOS) | SAST
Java (JEE, Android) | SAST
JavaScript Environments (Node.js, Express.js & Koa.js) | SAST
JavaScript Client-Side (Angular & AngularJS) | SAST
Swift (iOS) | SAST
TypeScript (Angular) | SAST

Code Checks for Objective-C, C & C++

Total Checks: 136

Check Name | Risk | CWE
Arbitrary File Manipulation
  Arbitrary File Write (Zip Slip) | high | 22
  Arbitrary File Manipulation Vulnerability | high | 73
  Resource Injection | high | 99
API Misuse & Abuse
  Missing Biometric Auth Operation Justification | low |
  SMS Usage | info |
Broken Authentication
  Missing Policy Evaluation Check | low |
  Insufficient Touch ID Restriction (Biometric Auth) | medium | 287
  Insufficient Authentication Handling | high |
  Insecure Credential Initialization | high |
  Missing Request Host Check | high |
  Biometric LocalAuthentication Usage | info | 287
Broken Cryptography
  Insecure Hashing Algorithm | medium | 328
  Empty Cryptographic Key | high | 321
  Empty HMAC Secret Key (Crypto) | high | 321
  Weak PBE Key Generation | high | 321
  Insecure PBE Iteration | high | 916
  User-Defined Salt | high | 328
  Insecure Initialization Vector (Crypto) | high | 329
  Insecure Cryptographic Mode and Initialization Vector | high | 330
  Insecure Cryptographic Mode | high | 327
  Inadequate Cryptographic Key Size | high | 326
  Insecure Cryptographic Algorithm | medium | 327
Code Injection
  JavaScript Code Injection (WebView) | high | 95
  Unsafe Reflection | high | 470
Denial of Service
  Buffer Overflow (Format) | high | 120
  Use of Insecure Legacy C Function | medium | 676
  Buffer Overflow | high |
  Buffer Overflow | high |
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
  Hardcoded Cryptographic Key | high | 321
Insecure Communication
  Untrusted HTTPS Certificate Acceptance | high |
  Insecure Cookie Creation | low | 1004
  Weak SSL Protocol (Default) | medium | 326
  Weak SSL Protocol | medium | 326
  Insecure HTTP URL | info | 319
Insecure Data Storage
  Synchronized Credential | medium |
  Insecure File Storage (Missing Protection) | medium | 311
  Insecure File Storage (Possibly Insufficient Protection) | info | 311
  Unencrypted Database | high | 311
  Insecure Image Storage | low | 311
  HTTP Cache Storage Incorrectly Disabled | high | 311
  Insecure HTTP Response Storage | low | 311
  Insecure HTTP Session Storage | low | 311
  Insecure Storage in Keychain (Missing Protection) | high | 359
  Externally Accessible Keychain | high | 359
  Insecure Storage in Keychain (Possibly Insufficient Protection) | info | 311
  Insecure Storage (Unenforced Passcode Policy) | medium | 311
  Insecure Storage in Keychain (Unspecified Access Policy) | medium |
  Inadequate Password Protection | high | 261
  Insecure Storage of Sensitive Information | medium | 256
  Cleartext Storage of Sensitive Information | high | 312
  Sensitive Data Stored in Documents | high | 359
Information Disclosure
  Information Leak | low | 497
  Unprotected Database | high | 521
  Logging of Geolocation Data | medium | 359
  Forced Geolocation Data Transmission | medium | 359
  Insecure Password Input Field | medium | 359
  Insufficient Credential Removal | high | 359
  Logging of Sensitive Information | high |
  Insecure Transmission of Sensitive Information | medium | 359
JSON Injection
  JSON Injection | high | 91
Log Forging
  Log Forging Vulnerability | low | 117
Bad Practices
  Request Cache Usage | info |
  Missing Default in Switch Statement | low |
  Use of Jmp Function | medium |
  Insecure String To Number Conversion | low |
  Use of Float in Loop | low |
  Forcible Application Termination | info | 382
  Goto Statement Usage | low |
  Incorrect Temp File or Directory Creation | medium |
  Overly-General Catch Clause | low | 396
  offsetof Macro Usage | low |
Command Execution
  Command Execution Vulnerability | high | 78
Security Misconfiguration
  Missing Content Validation (IPC) | medium | 501
  Overly Broad Cookie Creation | low | 287
  Persistent Cookie Creation | info | 539
SQL Injection
  SQL Injection Vulnerability | high | 89
Uncontrolled Format String
  Uncontrolled Format String | medium | 134
XPath Injection
  XPath Injection Vulnerability | high | 91
Cross-Site Scripting (XSS)
  Cross-Site Scripting (WebView XSS) | high | 79

Code Checks for Objective-C, C & C++ Headers

Total Checks: 1

Check Name | Risk | CWE
Information Disclosure
  Insecure Password Input Field | medium | 359

Code Checks for Java

Total Checks: 315

Check Name | Risk | CWE
Arbitrary File Manipulation
  Arbitrary File Manipulation Vulnerability | high | 73
  Arbitrary File Write (ZIP) | high | 22
  Inappropriate File Access Permissions | info | 276
Broken Authentication
  Insecure Storage of Sensitive Information in Cookie | high |
  Insecure Storage of Sensitive Information | medium | 256
  Insecure Facebook Login Handling | medium |
  Deprecated FingerprintManager API Usage | medium |
  Missing BiometricPrompt Auth Failure Handling | medium |
  Missing BiometricPrompt Error Handling | medium |
  Missing BiometricPrompt Acquired Handling | medium |
  Missing Google Sign In Error Handling | medium |
  Missing Biometric Capability Check | medium |
Broken Cryptography
  Insecure Randomness | high | 338
  Use of RSA Algorithm without OAEP (Crypto) | medium | 780
  Insecure Random Number Generation | medium | 335
  Insecure Cryptographic Key Comparison | medium |
  Insecure Cryptographic Mode | high | 327
  Weak Random Number Generation | medium | 330
  Missing User Confirmation (Crypto) | medium |
  Missing unlockedDeviceRequired Flag (Crypto) | medium |
  Insecure Cryptographic Algorithm | medium | 327
  Insecure Cryptographic Mode | high | 327
  Inadequate Cryptographic Key Size | high | 326
  Improper Seed of SecureRandom | medium | 338
  Predictable Random Number Generation | medium | 338
  Insecure SHA1 PRNG | medium | 328
  Insecure Cryptographic Mode and Initialization Vector | high | 330
  Custom Cryptographic Algorithm Usage | info |
  Insecure Hashing Algorithm | medium | 328
Code Injection
  Code Injection | high | 94
  Unsafe Reflection | high | 470
  Code Injection (JavaBean) | high | 15
  Insecure URI Rendering (WebView) | high |
  JavaScript Code Injection (WebView) | high | 94
Debug Entry Points
  Leftover Debug Entry Point (Method) | medium | 489
Denial of Service
  External Process Block | medium |
  Regular Expression Injection | medium | 400
File Inclusion
  File Inclusion Vulnerability | high | 22
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
HTTP Header Injection
  HTTP Header Injection Vulnerability | medium | 113
HTTP Response Splitting
  HTTP Response Splitting Vulnerability | medium | 113
Insecure Communication
  Use of Deprecated Java HttpClient | medium |
  Insecure HTTPS Client Usage | medium | 319
  Insecure HTTP Connection | info | 319
  Insecure HTTP URL | info | 319
  Insecure Socket Data Exchange | medium | 311
  Insecure SMTP Connection | medium | 297
  Improper Host Verification | medium | 295
  Insecure Authentication Method | high | 522
  Insecure Cookie Creation | low | 1004
  Weak SSL Protocol | medium | 326
Information Disclosure
  Information Leak | low | 497
  Error Message Information Exposure | low | 209
  Missing Debug Check Call | low |
  Insecure Temporary File Cleanup | low | 377
  External Storage Usage | info |
  Sensitive Data Stored in External Storage | high |
  Logging of Sensitive Information | high |
  Insecure Content Context Mode | medium |
  Sensitive Data in Global Broadcast | high |
  Forced Geolocation Data Transmission | medium | 359
  Unprotected Database | high | 521
  Leftover Debug Code | low | 489
JSON Injection
  Unsafe Deserialization (Jackson) | high | 502
LDAP Injection
  LDAP Injection Vulnerability | high | 90
  Unprotected LDAP Transaction | high | 521
Log Forging
  Log Forging Vulnerability | low | 117
Bad Practices
  Memory Leak (Static Collection) | low |
  Use of Java Array Constant | info | 582
  Use of Insecure, Default Socket Factories | medium | 319
  Impossible Array Cast | low | 704
  Missing Catch of NumberFormatException | low | 248
  Unsafe NaN Comparison | low |
  Loss of Precision (BigDecimal) | low |
  Declaration of Throws for Generic Exception | info | 397
  NullPointerException Catch Clause | low | 396
  Lock Synchronization | low |
  Insecure ThreadGroup Method Usage | low | 362
  Forceful Thread Termination | low | 705
  Missing File Deletion Error Handling | low |
  Unsafe ResultSet Method Usage | low |
  Improper Object Finalization | low | 586
  Overly-General Catch Clause | low | 396
  Insufficient Object Class Comparison | low |
  Unsafe Finalizer Method Usage | medium |
  Unreleased Lock (Deadlock) | low | 833
  Missing Default in Switch Statement | low |
  Forcible JVM Termination | info | 382
  Thread Deadlock | medium |
  Unsafe Synchronization Method | medium |
  Incorrect Hex Conversion | high | 704
Command Execution
  Use of Relative Path in Command | medium | 88
  Command Execution Vulnerability | high | 78
  Insecure Stream Reading | medium |
Security Misconfiguration
  Unsafe Database Connection | medium |
  Untrusted Input in Permission Check | high | 807
  Deactivated Security Manager | high |
  Overly Broad Cookie Creation | low | 287
SQL Injection
  SQL Injection Vulnerability | high | 89
  Direct SQL Table Access | low |
Server-Side Request Forgery
  Server-Side Request Forgery | medium | 918
  CSRF Protection Disabled | high | 352
  Insecure Request Mapping | medium | 352
Uncontrolled Format String
  Uncontrolled Format String | medium | 134
Unvalidated Redirect
  Unvalidated Redirect Vulnerability | low | 601
XML Injection
  Incorrect XML Parsing Model | low |
  Missing XXE Restriction | medium | 611
  Deserialization of Untrusted Data | high | 502
  XML Injection | high | 91
  XXE Injection | high | 611
  Missing XXE Restriction | medium | 611
XPath Injection
  XPath Injection Vulnerability | high | 91
Cross-Site Scripting (XSS)
  Cross-Site Scripting (XSS) Vulnerability | medium | 79
  Weak Validation Method (XSS) | medium | 625
  Cross-Site Scripting (WebView XSS) | high | 79

Code Checks for JavaScript Environments (Node.js)

Total Checks: 104

Check Name | Risk | CWE
Arbitrary File Manipulation
  Arbitrary File Manipulation Vulnerability | high | 73
  Arbitrary File Write (Zip Slip) | high | 22
Broken Cryptography
  Insecure Randomness | high | 338
  Insecure Hashing Algorithm | medium | 328
  Insecure Cryptographic Algorithm | medium | 327
Backdoors
  Remote Access Trojan/Backdoor | high | 507
Code Injection
  Code Injection | high | 94
Denial of Service
  Regular Expression Injection | medium | 400
File Inclusion
  File Inclusion Vulnerability | high | 22
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
HTTP Header Injection
  HTTP Header Injection Vulnerability | medium | 113
  Host Header Poisoning | medium |
Insecure Communication
  Insecure Cookie Creation | low | 1004
Information Disclosure
  Error Message Information Exposure | low | 209
  Sensitive Information Client-Side | high |
  Logging of Sensitive Information | high |
  Leftover Debug Code | low | 489
Log Forging
  Log Forging Vulnerability | low | 117
NoSQL Injection
  NoSQL Injection Vulnerability | high |
Command Execution
  Command Execution Vulnerability | high | 78
Security Misconfiguration
  Use Helmet | info |
  SSL Verification Disabled | medium | 295
  Insecure Content Allowed | high |
  webSecurity Disabled | high |
  Rendering with Node Integration Enabled | high | 94
  Permissive Cross-Origin Resource Sharing | high | 942
  Overly Broad Cookie Creation | low | 287
SQL Injection
  SQL Injection Vulnerability | high | 89
Server-Side Request Forgery
  Server-Side Request Forgery | medium | 918
Unvalidated Redirect
  Unvalidated Redirect Vulnerability | low | 601
  Incomplete Regular Expression | low |
  Incomplete URL Substring Sanitization | low | 20
XML Injection
  XXE Injection | high | 611
  XML Injection | high | 91
XPath Injection
  XPath Injection Vulnerability | high | 91
Cross-Site Scripting (XSS)
  Cross-Site Scripting (XSS) Vulnerability | medium | 79

Code Checks for JavaScript Client-Side

Total Checks: 45

Check Name | Risk | CWE
Broken Cryptography
  Insecure Randomness | high | 338
  Insecure Hashing Algorithm | medium | 328
Code Injection
  Code Injection | high | 94
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
Information Disclosure
  Local Storage Usage | info |
  Sensitive Data Stored in Local Storage | high |
  Web SQL Database Usage | medium |
  Insecure Cross-Window Communication | medium | 201
  Sensitive Information Client-Side | high |
Security Misconfiguration
  Overly Broad Cookie Creation | low | 287
  Insecure URL Whitelist | medium | 183
Server-Side Request Forgery
  Client-Side Request Forgery | medium |
Unvalidated Redirect
  Unvalidated Redirect Vulnerability | low | 601
XPath Injection
  XPath Injection Vulnerability | high | 91
Cross-Site Scripting (XSS) DOM-Based
  Cross-Site Scripting (XSS) Vulnerability | medium | 79
  SCE Disabled | high |

Code Checks for Swift

Total Checks: 111

Check Name | Risk | CWE
Arbitrary File Manipulation
  Arbitrary File Write (Zip Slip) | high | 22
  Arbitrary File Manipulation Vulnerability | high | 73
  Resource Injection | high | 99
API Misuse & Abuse
  Missing Biometric Auth Operation Justification | low |
  SMS Usage | info |
Broken Authentication
  Missing Policy Evaluation Check | low |
  Insufficient Touch ID Restriction (Biometric Auth) | medium | 287
  Insufficient Authentication Handling | high |
  Insecure Credential Initialization | high |
  Missing Request Host Check | high |
  Biometric LocalAuthentication Usage | info | 287
Broken Cryptography
  Insecure Hashing Algorithm | medium | 328
  Insecure Cryptographic Algorithm | medium | 327
  Insecure Randomness | high | 338
  Empty Cryptographic Key | high | 321
  Empty HMAC Secret Key (Crypto) | high | 321
  Weak PBE Key Generation | high | 321
  Insecure PBE Iteration | high | 916
  User-Defined Salt | high | 328
  Insecure Initialization Vector (Crypto) | high | 329
  Insecure Cryptographic Mode and Initialization Vector | high | 330
  Insecure Cryptographic Mode | high | 327
  Inadequate Cryptographic Key Size | high | 326
Code Injection
  JavaScript Code Injection (WebView) | high | 95
  Insecure URI Rendering (WebView) | high |
  Unsafe Reflection | high | 470
Denial of Service
  Regular Expression Injection | medium | 400
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
  Hardcoded Cryptographic Key | high | 321
  Hardcoded Salt | high | 759
Insecure Communication
  Insecure Cookie Creation | low | 1004
  Weak SSL Protocol (Default) | medium | 326
  Weak SSL Protocol | medium | 326
  Insecure HTTP URL | info | 319
Insecure Data Storage
  Insecure File Storage (Missing Protection) | medium | 311
  Insecure File Storage (Possibly Insufficient Protection) | info | 311
  Unencrypted Database | high | 311
  Insecure Image Storage | low | 311
  HTTP Cache Storage Incorrectly Disabled | high | 311
  Insecure HTTP Response Storage | low | 311
  Insecure Storage in Keychain (Missing Protection) | high | 359
  Externally Accessible Keychain | high | 359
  Insecure Storage in Keychain (Possibly Insufficient Protection) | info | 311
  Insecure Storage (Unenforced Passcode Policy) | medium | 311
  Insecure Storage in Keychain (Unspecified Access Policy) | medium |
  Insecure HTTP Session Storage | low | 311
  Inadequate Password Protection | high | 261
  Insecure Storage of Sensitive Information | medium | 256
  Cleartext Storage of Sensitive Information | high | 312
  Sensitive Data Stored in Documents | high | 359
  Synchronized Credential | medium |
Information Disclosure
  Unprotected Database | high | 521
  Forced Geolocation Data Transmission | medium | 359
  Insecure Password Input Field | medium | 359
  Insufficient Credential Removal | high | 359
  Insecure Transmission of Sensitive Information | medium | 359
  Information Leak | low | 497
  Logging of Geolocation Data | medium | 359
  Logging of Sensitive Information | high |
JSON Injection
  JSON Injection | high | 91
Log Forging
  Log Forging Vulnerability | low | 117
NoSQL Injection
  NoSQL Injection Vulnerability | high |
Security Misconfiguration
  Missing Content Validation (IPC) | medium | 501
  Overly Broad Cookie Creation | low | 287
  Persistent Cookie Creation | info | 539
SQL Injection
  SQL Injection Vulnerability | high | 89
XML Injection
  XXE Injection | high | 611
Cross-Site Scripting (XSS)
  Cross-Site Scripting (WebView XSS) | high | 79

Code Checks for TypeScript

Total Checks: 13

Check Name | Risk | CWE
Hardcoded Sensitive Information
  Hardcoded URI | info |
  Unprotected Database or Asset | high | 521
Information Disclosure
  Leftover Debug Code | low | 489
  Logging of Sensitive Information | high |
Cross-Site Request Forgery
  Cross-Site Request Forgery | medium | 352
Cross-Site Scripting (XSS)
  Cross-Site Scripting (XSS) Vulnerability | medium | 79
  Insecure HTTP Client Usage | medium |