It has discovered a number of SQL injections and XSS vulnerabilities we would have missed if tested by hand. One of the best ways of using Syhunt is by combining the source code analysis with the dynamic scanner to quickly zoom in on the real issues.
Arthur Donkers, Managing Director, Cyberlink Security
Syhunt Hybrid
Get in-depth vulnerability assessment results
Unleash the power of Hybrid-Augmented Analysis (HAST) with Syhunt Hybrid. With its innovative blend of comprehensive static and dynamic security scans, Syhunt Hybrid detects vulnerabilities like XSS, File Inclusion, SQL Injection, and Command Execution with unrivaled precision.
Experience the future of web application security with Syhunt Hybrid's gray box/hybrid scanning capability. Maximize your security by seamlessly combining source code scans with dynamic scans, resulting in unparalleled coverage and detailed security assessments. Elevate your security game with Syhunt Hybrid and secure your web applications with confidence.
Available for on-premises deployment for businesses using Windows and Linux.
Features
Dynamic Scanner
Syhunt dynamically injects data into web applications and analyzes the application's response to determine whether the application code is vulnerable, automating web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats.
Source Code Scanner
Designed to scan web applications for various types of issues, such as Cross-Site Scripting (XSS), File Inclusion, SQL Injection, Command Execution and weak validation, the Code scanner is a perfect complement to the already extensive set of remote scanning capabilities available in the Dynamic scanner.
Adaptative Checks
Syhunt Hybrid checks can adapt to a large number of environments, such as different OSes (Unix/Win), web servers, databases (MariaDB / MySQL, Oracle, SQL Server, etc.), and client-side and server-side scripting languages.
Integrations
Syhunt Hybrid integrates with GitLab and Jenkins for Continuous Integration (CI), JIRA, GitHub and GitLab for issue tracking, Imperva SecureSphere and F5 BIG-IP Application Security Manager (ASM) for virtual vulnerability patching, and more.
CVSS Support
Syhunt Hybrid comes with full support for the Common Vulnerability Scoring System, an industry standard designed to convey vulnerability severity and help determine urgency and priority of response. When a report is generated, vulnerabilities are sorted by default based on their CVSS3 score.
Console Utilities
Syhunt's console utilities and Lua API allow the Hybrid suite to be integrated into a variety of environments through the use of scripts. Today any environment that can execute Lua can load and execute Syhunt as a module.
Check today for all kinds of vulnerabilities
Syhunt Hybrid includes checks for an extremely wide array of different web application security threats, including:
| Check | CWE |
| --- | --- |
| Authentication Bypass / Broken Authentication | CWE-287 |
| SQL Injection (Error & Blind) | CWE-89 |
| Local File Inclusion | CWE-98 |
| Remote File Inclusion | CWE-98 |
| Command Execution | CWE-78 |
| Cross-Site Scripting (XSS) | CWE-79 |
| NoSQL Injection | |
| Unvalidated Redirects | CWE-601 |
| Arbitrary File Manipulation | CWE-73 |
| CRLF Injection | CWE-93 |
| Directory Traversal | CWE-22 |
| Old/Backup Files | CWE-530 |
| Path Disclosure | CWE-211 |
| LDAP Injection | CWE-90 |
| XPath Injection | CWE-91 |
| Web-Based Backdoors | |
Compliance Auditing
Compliance
Syhunt Hybrid helps organizations address the most pressing compliance issues such as:
- Health Insurance Portability and Accountability Act (HIPAA): The Syhunt Hybrid solution allows healthcare organizations to perform assessments of web applications and portals to identify areas of possible vulnerability to data disclosure, denial-of-service attacks or system compromise.
- Gramm-Leach-Bliley (GLBA)/Payment Card Industry (PCI) Data Security Standard/CA-SB1: Financial organizations can harden home banking, customer service, ecommerce and other web-based applications and deployments.
- Sarbanes-Oxley: Executive management systems can be assessed and data integrity risks can be mitigated through the use of Syhunt Hybrid against web-based interfaces.
Testimonials
Tools like Syhunt make an application's vulnerability much simpler to detect, no longer requiring a “hacker” level skill set.
SC Magazine
Syhunt Hybrid runs under any modern 64-bit Linux or Windows version, including Windows 10 and 11.