What's New in Syhunt 7.0.5

June 15, 2023

Syhunt Hybrid 7.0.5 adds SAST support for Kotlin web and mobile apps

Today we proudly announce the release of the 7.0.5 version of Syhunt Hybrid and Syhunt Community. Syhunt 7.0.5 adds SAST support for Kotlin, including the framework Ktor, its DSL and Kotlin-based Android apps. A total of 373 checks were enabled for the newly added language, covering all the vulnerabilities that are part of the CWE Top 25 2022, OWASP Top 10 2021 and the OWASP Mobile Top 10 documents and more.

"We're thrilled to announce the release of Syhunt 7.0.5, a powerful update to our Hybrid and Community products to support Kotlin and the latest security standards. With the new features in Syhunt 7.0.5, we can provide comprehensive protection for all apps across the mobile, web and server environments", says Satu Ohara, CEO of Syhunt. "It's a fantastic step forward in our efforts to provide leading-edge application security solutions."

Kotlin's adoption in the enterprise sector has been propelled by notable companies like Google. In 2017, Google officially declared Kotlin as a first-class language for Android app development, alongside Java. Apart from Google, Netflix, Uber, Trello, Evernote, Square, and Atlassian are among the many enterprises that have reportedly embraced Kotlin to enhance their software development processes.

Now companies using Kotlin can use Syhunt to hunt their vulnerabilities through source code analysis. Recently, Syhunt also announced SAST support for Object Pascal, allowing companies to secure both modern and legacy Delphi applications.

Additional Improvements in 7.0.5

  • Added SAST support and 373 checks for Kotlin, including the Ktor framework and Android apps.
  • Improved variable tracing in SAST.
  • Improved code parsing of JavaScript, TypeScript, Ruby, Python and C#.
  • Improved support for string interpolation in SAST.
  • Improved page loading in Sandcat browser.
  • Improved line selection in Syhunt Code's editor.
  • Improved Apache Range DoS check to prevent false positive in servers masked as Apache.
  • Improved error handling in DAST scan initialization.
  • Added Skip Duplicates option to DefectDojo tracker preferences.
  • Fixed: scan sessions sometimes not being added to past scan sessions list and becoming visible only when displaying sessions of all time.
  • Fixed: tab icon sometimes showing loading icon when the page finished loading.

That's all, for now. Happy bug hunting!