2018

2018 | 2017 | 2016 | 2015 | 2014 | Archive

November 13, 2018

Syhunt Hybrid adds Jenkins extension - With today's release of Syhunt version update 6.4.1, Syhunt adds extensions for Jenkins that allow web application security scans to be called from within a Jenkins Pipeline script, allowing customers to integrate the Syhunt Dynamic and Syhunt Code scanner tools into their continuous delivery pipeline, schedule scans and much more. The beta extensions add three Groovy functions called syhunt.scanURL(), scanCode() and scanGIT() that can be used to perform dynamic and source code scans (DAST and SAST) from within a pipeline execution, optionally failing a build if a certain criteria is met (like if High risk vulnerabilities are found). "This is an important step towards making Syhunt easier to integrate across government and enterprise environments as part of ongoing and continuous secure development operations", says Syhunt's Chief Visionary Officer Felipe Daragon, "A long awaited feature that we're thrilled to deliver and evolve based on customer feedback and requirements".

Syhunt Hybrid 6.4.1 is available free of charge to all registered Syhunt users.

October 17, 2018

Syhunt Hybrid adds PCI DSS 3.2.1 support and more - Today we release version 6.4 of Syhunt Hybrid and Syhunt Community, a release with focus on compliance report generation and user interface (GUI) enhancements. This version comes with a revamped launcher screen, adds new PCI DSS related checks and many new compliance report options. Read more

September 8, 2018

Syhunt Hybrid 6.3 released, adds CVSS v3 support - We're happy to announce that Syhunt version 6.3, released today, adds full support for CVSS. CVSS stands for Common Vulnerability Scoring System and is an industry open standard designed to convey vulnerability severity and help determine urgency and priority of response. To enable the best use of the CVSS system, CVSS3 and CVSS2 vectors were assigned to all kinds of vulnerabilities currently detected by Syhunt Dynamic and Syhunt Code. Read more

June 15, 2018

Syhunt Hybrid 6.2 released, adds static code analysis of Node.js web apps - It was only last month that we announced the addition of SAST (static application security testing) for Java to Syhunt, but good news, we have a new update to share today which brings SAST for Node.js based web applications. Syhunt 6.2 is able to scan the source code of Node.js web applications for security vulnerabilities with coverage for the Express and Koa frameworks. Because Syhunt was already able to dynamically test Node.js and MongoDB based web apps for vulnerabilities, this update makes Syhunt an ideal tool for both penetration testing and code review (DAST and SAST) of web apps built using the MEAN stack - MongoDB, Express.js, AngularJS & Node.js. Read more

May 26, 2018

Syhunt Huntpad 1.02 released and is now open source - On May 3 the first version of Syhunt Huntpad was released, and we have received many positive comments about it. It is with great pleasure that we now announce that, following the same footsteps as the Sandcat Browser, today's Huntpad release (version 1.02) is opensource and available on GitHub, where we expect it to keep evolving with community contributions and feedback. To make this possible, we also published the source code of core Lua libraries developed by Syhunt: Forge and Underscript, published today, and Catarinka, published in 2014 at the same time as Sandcat and continuously updated since then. From now on, any developer can help shape the project, so it will be exciting to see how it evolves.

May 17, 2018

Syhunt Hybrid 6.1 released, adds static code analysis of Java web apps - Seven months later after the last big release of Syhunt, we're back with a significant update. Today we release version 6.1 of Syhunt Community and Syhunt Hybrid. This version comes with the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities, a long-awaited and much requested feature that makes Syhunt an ideal tool for both penetration testing and code review of Java apps (DAST and SAST). Read more

April 13, 2018

National Security Research Institute selects Syhunt 6 - National Security Research Institute (NSRI), a research institute in South Korea, has selected Syhunt 6 for automating web application security testing. Today the NSRI is the only government funded research institute in Korea dedicated to the research of national information security. Syhunt is very proud to be selected to provide the latest release of its application security scanning sofware to the NSRI and to other organizations in Korea through its partners in the region.

Syhunt's already known unique scanning capabilities have been dramatically enhanced and expanded to meet the needs of government agencies and other large organizations. Recent improvements include the addition of advanced fingerprinting capabilities, enhanced spidering, injection, browsing and code scan capabilities, and a large number of new and improved checks. Read more