October 26, 2022

Syhunt Hybrid 6.9.25 adds enhanced vulnerability reports, and more - In parallel to today's Syhunt participation at the Security Leaders congress in Sao Paulo, where Syhunt is introducing its dark web monitoring solution Syhunt Breach, today we release Syhunt version 6.9.25. The new release comes with a revamped and responsive HTML report, an enhanced PDF report, bulk report generation, grouping of similar vulnerability instances, and summary of scans, making the reporting side of the tool keep pace with all the back-end engine evolution introduced over the last years. In addition to the enhanced reports, Syhunt 6.9.25 enhances integration with issue trackers and significantly reduces memory footprint while performing Dynamic scans. Read more

October 19, 2022

Visit Syhunt at the Security Leaders congress in Sao Paulo - On 26 and 27 October 2022, Syhunt will be introducing its dark web monitoring solution Syhunt Breach and the latest version of its hybrid application security scanner during the Security Leaders event in Sao Paulo, Brazil. Syhunt will participate in the event alongside OGASEC, a pioneer information security company, a leading supplier of vulnerability assessment solutions and a strategic Syhunt Distributor in Brazil. We invite everyone to come and learn about the many ways our software can help organizations identify breaches and secure their mobile and web applications. For more information about the Security Leaders event, visit:

September 28, 2022

Real Life Cybercrimes interview of Syhunt CVO about ransomware - On September 28, Syhunt founder and CVO Felipe Daragon participates as a panelist alongside experts Fernando Ceolin (Akamai) and Rafael Silva (KnowBe4) at the Cybercrimes in Real Life event to discuss how to protect from ransomware. Read more

August 8, 2022

Syhunt Hybrid 6.9.17 adds dashboard integration and false-positive free checks - We are happy to announce the release of Syhunt Hybrid 6.9.17, which adds the ability to automatically connect to security dashboards like OWASP DefectDojo and Faraday to submit DAST and SAST scan results. The security dashboard allows teams to keep track of vulnerability alerts generated by Syhunt and manage their attack surface from a single, central place while automating and accelerating key steps of their application vulnerability management. Read more

June 17, 2022

Syhunt Hybrid 6.9.15 adds Fastjson RCE vulnerability detection and more - Today we release Syhunt Hybrid which adds the detection of the Fastjson RCE vulnerability (CVE-2022-25845) to the Syhunt Code tool. The remote code execution vulnerability affects versions 1.2.80 and older of Fastjson and is caused by the default AutoType restriction which can be bypassed under specific conditions. An attacker could exploit this critical vulnerability to perform remote code execution on the target machine. Read more

June 2, 2022

Syhunt Hybrid 6.9.14 improves DAST, SAST and DWET capabilities - We are happy to announce the release of Syhunt Hybrid 6.9.14 which improves and expands the product tools Syhunt Dynamic, Syhunt Code and Syhunt Breach. The new release comes with a revamped Breach user interface, accelerated Breach scans, automatic issue submission, and the long-awaited ability to ignore specific vulnerability alerts when performing DAST and SAST scans, among other enhancements. Read more

April 8, 2022

Syhunt Hybrid 6.9.13 adds Spring4Shell vulnerability detection, expands SCA and DWET capabilities - Last week we all learned about the critical Spring4Shell (CVE-2022-22965) vulnerability that affects Spring apps and that when exploited by attackers may result in remote command execution. Today we release Syhunt Hybrid 6.9.13 which adds the detection of the Spring4Shell vulnerability to Syhunt tools, Syhunt Dynamic, Syhunt Code and Syhunt Forensic (formerly Insight). In addition to this critical DAST check, Syhunt 6.9.13 expands its SCA component in Syhunt Code to cover the Spring4Shell vulnerability and adds 260 new ransomware related leaks to its Syhunt Breach tool (formerly IcyDark), reaching a total of 3103 ransomware group leaks. Read more

March 3, 2022

Syhunt assists European agencies and businesses seeking to strengthen application security - Today, through its products and research, Syhunt is actively engaged in assisting government agencies in countries such as Germany, Brazil, India and others to strengthen their application security posture. Last month, Syhunt published a special report on the ransomware threat to global organizations that showed that the European organizations are the second most targeted by ransomware groups and exposed on the Dark Web. Read more

February 22, 2022

Syhunt Hybrid 6.9.12 adds GitHub Actions integration and simplifies CLI - In the recent past, Syhunt announced integration with various systems, such as Azure DevOps, GitLab, TFS, Jenkins and JIRA, and GitHub Issues. Now we release Syhunt Hybrid 6.9.12 which adds integration with GitHub Actions and other user-requested enhancements, as well as simplifies the product's command-line interface. Read more

December 17, 2021

Syhunt Hybrid 6.9.11 adds Log4Shell vulnerability detection - Since the public disclosure of the severe risk Log4Shell (CVE-2021-44228) vulnerability that affects Java apps, we have worked to prepare a robust Syhunt update to our DAST, OAST, SAST and FAST capabilities that adds detection of the Log4Shell vulnerability. Today we released the 6.9.11 version of Syhunt Hybrid, which adds the new detection capabilities. Syhunt recommends that organizations immediately perform the review and actions that are absolutely necessary to fully secure their web servers and applications against the vulnerability, which when exploited by attackers may result in remote command execution. Read more

November 17, 2021

Syhunt Community and Hybrid 6.9.10 now run on macOS - Today we're excited to release the 6.9.10 version of Syhunt Hybrid and Community, the first Syhunt release that runs on macOS systems. The Syhunt CLI scan tools have been tested and adapted to run on macOS Big Sur and macOS Monterey, and the product documentation has been updated to cover the installation process and usage of the CLI tools on macOS. Read more

November 8, 2021

Syhunt Community and Hybrid 6.9.9 adds dark web monitoring and exposure testing - We're excited to release the 6.9.9 version of Syhunt Hybrid and Community today, which adds the first version of Syhunt's dark web exposure testing tool, called Syhunt IcyDark. After establishing the Icy Division for monitoring the dark web in the beginning of 2021, Syhunt IcyDark is our latest response to a rapidly evolving threat landscape and constant data breaches. Read more

October 11, 2021

Syhunt Community and Hybrid 6.9.8 adds OWASP Top 10 2021, CWE Top 25 2021, SSL test, and more - The 6.9.8 release of Syhunt Hybrid and Community is finally out. The new release updates the OWASP Top 10 and CWE Top 25 scan methods and checks based on the latest, 2021 version of the documents. This important improvement has been added to both Syhunt's DAST and SAST scans. Syhunt 6.9.8 also adds a much-requested feature to Syhunt Dynamic: SSL web server testing. Read more

June 24, 2021

Syhunt Community and Hybrid 6.9.7 adds expanded command-line interface and more - A new update is out for Syhunt Hybrid that expands the product's command-line interface, adds a scheduler service for Windows, improved APK scan support in Syhunt Mobile that now works on Linux, check for use of deprecated security headers, and various user-requested improvements. Read more

May 26, 2021

Syhunt Community and Hybrid 6.9.6 adds Azure DevOps and TFS support - Today we released another update to Syhunt Community and Hybrid. The new 6.9.6 version adds the ability to scan project repositories on Azure DevOps (both cloud and on-premises) and Team Foundation Server (TFS) for application security vulnerabilities and weaknesses. Read more

May 10, 2021

Syhunt Hybrid and Community 6.9.5 adds TLS 1.3 support and more - Today we released version 6.9.5 of Syhunt Hybrid and Community. The new version adds TLS 1.3 support for Syhunt Dynamic and Code scans, extends Jenkins integration by supporting not only Jenkins for Windows but also Jenkins for Linux, optionally works as a Jenkins agent, and brings many user-requested improvements and bug fixes. Read more

November 3, 2020

Syhunt Hybrid and Community 6.9.3 extends its TypeScript analysis, accelerates SAST and more - We are proud to introduce version 6.9.3 of Syhunt, which extends static analysis of TypeScript code, adds 5x faster source code scans and faster analysis of JavaScript code, includes Huntpad 2.0, as well as introduces a large number of enhancements that translate to improved DAST and SAST accuracy and performance. Version 3.9.3's focus is once again JavaScript and the MEAN stack. Read more

August 4, 2020

Syhunt Hybrid and Community 6.9 now runs on modern Linux distributions - We're excited to announce the immediate release of Syhunt Hybrid and Syhunt Community version 6.9, the first Syhunt release to embrace cross-platform integration. In the recent past, Syhunt embraced open-source development, by releasing the source code of the Syhunt Sandcat browser, Huntpad, and many other core software and libraries the company developed and actively maintains. Read more

July 1, 2020

Syhunt Hybrid 6.8.5 now integrates with GitLab CI and PowerShell - We're proud to announce the release of Syhunt Hybrid version 6.8.6. The new version adds integration with GitLab's Continuous Integration and Security Dashboard, enabling Syhunt to continually scan web and mobile applications in repositories on and GitLab self-hosted versions looking for the 2019 CWE Top 25 Most Dangerous Software Errors, OWASP Top 10, OWASP Mobile Top 10 and many other vulnerabilities. Read more

June 10, 2020

Syhunt Hybrid 6.8.5 released, adds GitLab support and extends issues integration - We're happy to release Syhunt Hybrid version 6.8.5. The new release brings extended issue tracker integration with support for GitLab issues, custom labels and fields in any tracker, personal access token support, improved checks for weak or missing HTTP security headers and bug fixes. Read more

May 1, 2020

Syhunt Hybrid 6.8.3 released, adds enhanced DAST fingerprinting, manual login and more - We're happy to release Syhunt Hybrid version 6.8.3. The new release brings many important DAST improvements, including enhanced web server fingerprinting, integration with Google Chrome and Mozilla Firefox, hybrid client-side JavaScript code analysis (SAST-within-DAST), and more. Read more

April 2, 2020

Syhunt Hybrid 6.8.2 released, adds static code analysis of Ruby web apps and more - A new update released today brings a long-awaited feature to Syhunt: SAST for Ruby based web applications. Syhunt 6.8.2 is now able to scan the source code of web applications in Ruby (Rails and ERB) for security bugs with coverage for over 19 vulnerability categories. Read more

March 25, 2020

Syhunt takes action to help secure entities and businesses amid COVID-19 pandemic - The COVID-19 outbreak poses unprecedented challenges to businesses, governments, and societies around the world. After enabling mandatory work-from-home for all its personnel and taking all necessary steps to maintain service to its customers, Syhunt is now closely monitoring the global situation and ready to help businesses and organizations during this challenging period... Read more

March 6, 2020

Syhunt introduces Hybrid-Augmented Analysis, OAST & Android APK Analysis capabilities - We are proud to introduce version 6.8.1 of Syhunt and, at the same time, unveil its online Syhunt Signal service. The Syhunt scanner integration with Syhunt Signal adds the ability to perform OAST (Out-of-Band Application Security Testing), which allows Syhunt to detect a range of otherwise invisible, high-risk out-of-band (OOB) vulnerabilities, as well as to perform Hybrid-Augmented Analysis, a combination of DAST, SAST and OAST methodologies.... Read more

January 27, 2020

Syhunt expands vulnerability checks for iOS apps and missing protections in web apps - In September last year we announced support for mobile applications (Android & iOS). Now we are proud to introduce version 6.8 of Syhunt, which greatly extends its iOS check base, as well as expands its vulnerability checks for dynamic web apps. As part of this major update, we've increased the number of source code checks for Swift & Objective-C... Read more

October 23, 2019

Visit Syhunt at the Security Leaders congress in Sao Paulo - On 29 and 30 October 2019, Syhunt will be introducing its mobile application security scanner Syhunt Mobile and the latest version of its hybrid web application security scanner during the Security Leaders event in Sao Paulo, Brazil. We invite everyone to come and learn about the many ways our software can help organizations secure their mobile and web applications. For more information about the Security Leaders event, visit:

September 17, 2019

Syhunt adds support for Android and iOS apps and greatly extended checks for Java - We're excited to announce the immediate availability of Syhunt version 6.7. This release is a milestone in Syhunt's development history. It brings support for mobile (Android & iOS) applications, greatly extends its Java check base and adds the much-awaited scan scheduling feature. Read more

June 3, 2019

Syhunt adds SAST support for Angular, AngularJS, web services, and more - We're happy to announce that Syhunt version 6.6, released today, adds SAST support for web services, and extends support for the MEAN stack by adding support for Angular (v2 and higher) and AngularJS-based web applications, TypeScript, and a large number of additional checks covering Node.js, Express.js, jQuery, client-side JavaScript, and Java. Read more

December 26, 2018

Syhunt adds F5 BIG-IP ASM compatible vulnerability export, Jenkins extension, JIRA and GitHub integration, GIT support and more - Today we release version 6.5 of Syhunt Hybrid and Syhunt Community, a release with focus on integration with other systems such as Jenkins and F5 BIG-IP Application Security Manager (ASM), JIRA and GitHub issues, GIT source code control systems, as well as bringing UI improvements, spider improvements and framework-specific optimizations. Read more

November 13, 2018

Syhunt Hybrid adds Jenkins extension - With today's release of Syhunt version update 6.4.1, Syhunt adds extensions for Jenkins that allow web application security scans to be called from within a Jenkins Pipeline script, allowing customers to integrate the Syhunt Dynamic and Syhunt Code scanner tools into their continuous delivery pipeline, schedule scans and much more. The beta extensions add three Groovy functions called syhunt.scanURL(), scanCode() and scanGIT() that can be used to perform dynamic and source code scans (DAST and SAST) from within a pipeline execution, optionally failing a build if certain criteria are met (like if High risk vulnerabilities are found). "This is an important step towards making Syhunt easier to integrate across government and enterprise environments as part of ongoing and continuous secure development operations", says Syhunt's Chief Visionary Officer Felipe Daragon, "A long awaited feature that we're thrilled to deliver and evolve based on customer feedback and requirements".

Syhunt Hybrid 6.4.1 is available free of charge to all registered Syhunt users.

October 17, 2018

Syhunt Hybrid adds PCI DSS 3.2.1 support and more - Today we release version 6.4 of Syhunt Hybrid and Syhunt Community, a release with focus on compliance report generation and user interface (GUI) enhancements. This version comes with a revamped launcher screen, adds new PCI DSS related checks and many new compliance report options. Read more

September 8, 2018

Syhunt Hybrid 6.3 released, adds CVSS v3 support - We're happy to announce that Syhunt version 6.3, released today, adds full support for CVSS. CVSS stands for Common Vulnerability Scoring System and is an industry open standard designed to convey vulnerability severity and help determine urgency and priority of response. To enable the best use of the CVSS system, CVSS3 and CVSS2 vectors were assigned to all kinds of vulnerabilities currently detected by Syhunt Dynamic and Syhunt Code. Read more

June 15, 2018

Syhunt Hybrid 6.2 released, adds static code analysis of Node.js web apps - It was only last month that we announced the addition of SAST (static application security testing) for Java to Syhunt, but good news, we have a new update to share today which brings SAST for Node.js based web applications. Syhunt 6.2 is able to scan the source code of Node.js web applications for security vulnerabilities with coverage for the Express and Koa frameworks. Because Syhunt was already able to dynamically test Node.js and MongoDB based web apps for vulnerabilities, this update makes Syhunt an ideal tool for both penetration testing and code review (DAST and SAST) of web apps built using the MEAN stack - MongoDB, Express.js, AngularJS & Node.js. Read more

May 26, 2018

Syhunt Huntpad 1.02 released and is now open source - On May 3 the first version of Syhunt Huntpad was released, and we have received many positive comments about it. It is with great pleasure that we now announce that, following the same footsteps as the Sandcat Browser, today's Huntpad release (version 1.02) is open source and available on GitHub, where we expect it to keep evolving with community contributions and feedback. To make this possible, we also published the source code of core Lua libraries developed by Syhunt: Forge and Underscript, published today, and Catarinka, published in 2014 at the same time as Sandcat and continuously updated since then. From now on, any developer can help shape the project, so it will be exciting to see how it evolves.

May 17, 2018

Syhunt Hybrid 6.1 released, adds static code analysis of Java web apps - Seven months after the last big release of Syhunt, we're back with a significant update. Today we release version 6.1 of Syhunt Community and Syhunt Hybrid. This version comes with the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities, a long-awaited and much requested feature that makes Syhunt an ideal tool for both penetration testing and code review of Java apps (DAST and SAST). Read more

April 13, 2018

National Security Research Institute selects Syhunt 6 - National Security Research Institute (NSRI), a research institute in South Korea, has selected Syhunt 6 for automating web application security testing. Today the NSRI is the only government funded research institute in Korea dedicated to the research of national information security. Syhunt is very proud to be selected to provide the latest release of its application security scanning software to the NSRI and to other organizations in Korea through its partners in the region.

Syhunt's already known unique scanning capabilities have been dramatically enhanced and expanded to meet the needs of government agencies and other large organizations. Recent improvements include the addition of advanced fingerprinting capabilities, enhanced spidering, injection, browsing and code scan capabilities, and a large number of new and improved checks. Read more

October 10, 2017

Syhunt releases version 6 of Syhunt Hybrid suite - After a year of intense research and development, we're very proud to release version 6.0 of the Syhunt Hybrid application security testing suite. With its huge list of updates, the new version marks its most drastic evolution yet and a major overhaul of both its scan engine and user interface, adding advanced fingerprinting capabilities, enhanced spidering, injection, browsing and code scan capabilities, and a large number of new and improved checks. Read more

October 1, 2016

Syhunt releases console web vulnerability scan tools - We're happy to release the new generation of Syhunt console-based scan tools, which we simply call ScanTools. The first release of Syhunt ScanTools comes with four console applications - ScanURL, ScanCode, ScanLog and ScanConf, incorporating the functionality of Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt Insight and Syhunt Harden respectively. Whether you want to scan a live web application, source code files, web server logs or configuration files for vulnerabilities, weaknesses and more, Syhunt ScanTools can help you start the task with a single line command. Syhunt ScanTools is available for download as a freeware portable package or as part of Syhunt Community. Get it now at

June 3, 2016

Syhunt releases Insight tool, expands web backdoor detection - We're pleased to announce the immediate availability of our newest tool Syhunt Insight together with version 5.4 of the Syhunt Community and Hybrid software suites and a new release of the Sandcat browser.

Syhunt Insight is a proactive forensics/detection tool for application-level attacks and comes to complement our hybrid web application security assessment suite, allowing organizations not only to detect web application vulnerabilities, but to investigate and prevent security breaches through an additional lens. Syhunt Insight brings a lightweight but powerful web server log analysis engine at its core, and is able to automatically build the profile of attackers during log scans, determine if a breach occurred, expose IP geolocation, inventory and environment information of attackers, and, if necessary, reconstruct sessions from the beginning aiming at a specific source.

In addition to this release, the latest round of changes in components include the following relevant enhancements:

  • Syhunt Dynamic 5.4, with now over 300 web backdoor checks, along with UX enhancements, faster scans and improved support for ASP.NET and JSP-based web applications.
  • Sandcat Browser 5.2, with stability, UX and Lua API enhancements. Full ChangeLog

August 28, 2015

Syhunt releases Community Edition of its hybrid application security scanner - We're pleased to announce the immediate availability of Syhunt Community. This is the first release of a free, community edition of our flagship product Syhunt Hybrid, available at no charge to the community. Syhunt Community is built on top of Syhunt’s open source pen-test oriented web browser Sandcat and can be used for scanning web applications for multiple types of vulnerabilities, including commonly exploited coding mistakes, through both dynamic and source code analysis. Some of the vulnerabilities covered include:

  • Cross-Site Scripting (XSS)
  • SQL Injection (for MySQL and Oracle powered web applications)
  • Unvalidated Redirects
  • Directory Listing
  • Directory Traversal
  • Information Disclosure
  • Old/Backup Files (Common Backup Files & Folders)
  • Path Disclosure
  • Source Code Disclosure

Syhunt Community comes without any time restrictions and although not nearly as complete as the full-featured Syhunt Hybrid product (see a full comparison), it can help security auditors and developers to start improving the security of web applications and websites right away, helping evaluate the coding practices currently in place within an organization or a group. The first incarnation of Syhunt Community carries the 5.3 version number, which is the current version number of Syhunt Hybrid - it runs under any modern Windows version and can be downloaded at the link below. Feel free to try it - there is no license required, and if you wish, it is possible to upgrade to the commercial edition of Syhunt through our online store, and obtain full vulnerability detection with the most complete feature set included.

Download Syhunt Community 5.3
Link: syhunt-community-5.3.exe
MD5: 189b5e3ba8c754130891749a99d01b54
SHA-1: cbb24a0b37d187a373ee3fa792d76225327dbd16

June 17, 2015

Syhunt Hybrid 5.3 brings dramatically improved detection accuracy - We're proud to announce another milestone in the evolution process of Syhunt Hybrid with the addition of a significant number of new vulnerability checks and improved detection of JSP-based vulnerabilities to its DAST (dynamic application security testing) component. The new checks give the product the ability to achieve 100% detection of today's WAVSEP vulnerabilities and an even higher detection of vulnerabilities in custom web applications:

  • SQL Injection & XSS - Syhunt Hybrid can detect 100% of the SQL Injection and XSS vulnerabilities, but now all SQLi false positive cases in WAVSEP are correctly handled and additional SQLi checks were added.
  • Local File Inclusion - Syhunt Hybrid is now able to detect 100% of the WAVSEP 1.5 LFI cases (all of the 816 cases) during fast or normal scans.
  • Remote File Inclusion - With the improved RFI and LFI detection, Syhunt Dynamic reaches the same results obtained by AppScan in the last WAVSEP, which was #1 at the time. Syhunt Dynamic is now able to detect 100% of the WAVSEP 1.5 RFI test cases, becoming tied with it.
  • Unvalidated Redirect - Syhunt is now able to detect 100% of the Unvalidated Redirect cases that are part of the WAVSEP 1.5 test environment.
  • Hidden, Obsolete & Backup Files - Syhunt is now able to detect all of the latest WAVSEP hidden file cases (including copied files).

Other changes include:

  • New hunt methods for the improved categories:
    • fileinc - Checks for Remote & Local File Inclusion. Works for both code and dynamic scans.
    • fileold - Checks Hidden, Obsolete & Backup Files, but not as aggressively as the structbf (Structure Brute Force) method. Applies only to dynamic scans.
    • unvredir - Checks for Unvalidated Redirect vulnerabilities. Works for both code and dynamic scans.
  • Improved URL parameter manipulation.

Syhunt Hybrid 5.3 is available free of charge to all registered Syhunt users.

March 26, 2015

Syhunt Hybrid 5.2 released with major improvements - We are happy to announce the immediate availability of Syhunt Hybrid 5.2. The new release is now tightly integrated with the latest Syhunt Dynamic, Syhunt Code and Sandcat Browser releases. Over the last months, the browser has been a major focus for Syhunt, which has resulted in numerous improvements such as better certificate handling, and major stability and performance enhancements. We're committed to continue improving the user experience and make modifications to take the product to the next level.

Thanks to all the organizations that have recently joined our customer community and the ones who have been with us since the beginning, who entrust us with their web application security needs and help us further enhance our tools.

May 22, 2014

Syhunt releases Sandcat Browser 5.0 — We're excited to announce a brand new version of our pen-test oriented web browser Sandcat (codenamed Catarinka browser). The new release will also be available as part of the 5.1 release of the Syhunt Hybrid suite. The new enhancements include: faster startup and responsiveness, huge refactoring and cleanup of the current code, latest Chromium component and improved compatibility with 64-bit Windows editions.

February 20, 2014

Syhunt Dynamic soars to number 1, reaches 94% crawling coverage — New WAVSEP benchmark - WAVSEP, the Web Application Vulnerability Scanner Evaluation Project, performed a massive array of tests on 63 black box web application vulnerability scanners and SAAS services. The comparison findings were published on February 5, 2014. The entire industry and security community benefits from an up-to-date comparison of today's web application security scanners like this one.

A while back — in December, we announced the release of Syhunt Dynamic 5.0 with greatly superior crawling/spidering. This year's WAVSEP data reflects the improvements that have been made in Syhunt Dynamic and shows Syhunt has the number 1 crawling coverage alongside 3 other top solutions which were able to achieve 94 percent coverage on its WIVET test.

WIVET is an open source benchmarking project that aims to statistically analyze web link extractors and was adopted as an extension to the WAVSEP project. The WIVET test evaluates the scanner's support for various web technologies and its ability to handle obstacles while crawling and mapping the structure of websites. According to the WAVSEP, developers, penetration testers and QA engineers need a tool with a high score in this category, especially if they prefer as much automation as possible in the web application security assessment process.

When it comes to vulnerability detection rates, Syhunt Dynamic repeated last year's performance with 100 percent detection of SQL Injection, both blind and time-based, and XSS (Cross-Site Scripting) vulnerabilities. WAVSEP used a large collection of over 1000 vulnerable test cases for 6 different attack vectors to compare the tools, which were made public simultaneously with the results.

See the full details about the WAVSEP 2014 comparison here.

February 20, 2014

Syhunt Hybrid now detects open redirect vulnerabilities - Today we are announcing that Syhunt Hybrid 5.01 is now available for download in the customer area for subscribed customers. This update expands Syhunt's extensive list of checks by bringing in the ability to locate open/unvalidated redirect vulnerabilities in web applications, an ability that is now supported by our dynamic application security testing solution, Syhunt Dynamic, our static application security testing solution, Syhunt Code, and the even more advanced Syhunt Hybrid, which combines both solutions.

Unvalidated redirects are often exploited to perform phishing attacks and used, for example, to trick users into revealing their passwords and downloading malware. The weakness, also referred to as CWE-601 by the MITRE's Common Weakness Enumeration project, is considered an OWASP violation and listed as part of their Top Ten 2013 document.

With this new addition, Syhunt now checks for over 30 classes of web application security vulnerabilities, including XSS (Cross-Site Scripting), SQL Injection, File Inclusion and Command Execution vulnerabilities. Syhunt plans to keep adding new checks and improving existing ones in future updates.

January 12, 2014

Major higher-education institution in France selects Syhunt - École Polytechnique, a higher-education and research institution in France, has selected Syhunt Hybrid for securing all its web sites and web applications. Syhunt is pleased to provide its hybrid web application security scanning solution to this customer and to other organizations in Europe and the rest of the world that are part of or will be joining our customer community. Syhunt's unique scanning capabilities are allowing customers to perform deep remote assessments and code reviews of web applications like they never did before and to fix a high number of vulnerabilities they never thought existed.