What's New in Syhunt 6.8.2

April 2, 2020

Syhunt Hybrid 6.8.2 released, adds static code analysis of Ruby web apps and more

A new update released today brings a long-awaited feature to Syhunt: SAST for Ruby based web applications. Syhunt 6.8.2 is now able to scan the source code of web applications in Ruby (Rails and ERB) for security bugs with coverage for over 19 vulnerability categories. Of all the programming languages which have been added to Syhunt over recent years, Ruby was the only important one that was missing. In addition to this important new feature, Syhunt 6.8.2 also includes compliance reporting and scan method for the 2019 CWE Top 25 Most Dangerous Software Errors, and Imperva SecureSphere compatible vulnerability export for allowing virtual patching of new vulnerabilities as they are identified by the tool.

Code Checks for Ruby

Syhunt 6.8.2 adds source code checks for the following vulnerabilities and weaknesses in Ruby code:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Arbitrary File Manipulation
  • Broken Cryptography
  • Code Injection
  • Denial of Service
  • Hardcoded Sensitive Information
  • HTTP Header Injection
  • Insecure Communication
  • Insecure Data Storage
  • Information Disclosure
  • Log Forging
  • Bad Practices
  • Weak Password Hashing
  • Command Execution
  • Security Misconfiguration
  • Server-Side Request Forgery
  • Uncontrolled Format String
  • Unvalidated Redirect

Other Improvements

  • Added header manipulation checks in Syhunt Dynamic.
  • Added beta Imperva SecureSphere WAF XML output for virtual patching.
  • Added a compliance template for the 2019 CWE Top 25 Most Dangerous Software Errors.
  • Added two new scan methods: CWE Top 25 and OWASP Top 10, which allow to scan specifically for the top 25 most dangerous software errors and the 10 most critical web application security risks.
  • Added an important cleanup of temporary files created during OAST testing in Syhunt Dynamic.
  • Improved parsing of Python code.

We hope you enjoy the new release!