What's New in Syhunt 7.0.13

May 27, 2024

Syhunt Dynamic 7.0.13 adds deep AJAX crawler and checks for GenAI-powered apps

Syhunt is happy to announce the immediate availability of Syhunt Dynamic version 7.0.13. The new release of Syhunt Dynamic, part of Syhunt Hybrid 7.0.13, expands the product's DAST capabilities to perform deeper crawling of AJAX-heavy web applications, test LLM-powered web applications, and support Prerendering and Local Storage.

Over more than a decade, Syhunt Dynamic has constantly evolved to rise to the challenge of testing modern web applications. In 2009, Syhunt Dynamic added the ability to analyze and execute JavaScript and AJAX/XHR calls through its in-house developed crawler and browser emulator (codenamed Scarlet). Syhunt's crawler reached 94% crawling coverage during the WIVET test alongside other industry leaders according to an independent benchmark in 2014. Later, Syhunt Dynamic added its SAST-in-DAST capability, expanding the product's ability to understand and analyze client-side JavaScript code and detect vulnerabilities. This included Angular and AngularJS-powered web applications, for which Syhunt added specialized support.

Now, with Syhunt Dynamic 7.0.13, Syhunt expands its coverage and goes beyond the MEAN stack (MongoDB, Express.js, AngularJS and Node.js), tackling additional stacks, such as the widely adopted MERN stack, which replaces Angular with React.js. Through the integration of its robust crawler with Google Chrome, Selenium and Python, Syhunt Dynamic is now able to prerender and better authenticate, crawl and test AJAX-heavy web applications for both client-side and server-side vulnerabilities.

In addition to the enhanced crawler, Syhunt Dynamic 7.0.13 added new injection checks and became the first DAST tool in the market to check for Cross-Site Scripting (XSS) vulnerabilities in LLM-powered web applications. This became possible thanks to Syhunt's pioneering research on the subject, which has led to the addition of checks for LLM-related XSS vulnerabilities to the tool.

Focus on Generative AI

Syhunt plans to increase its application security testing coverage of generative AI apps in future releases. In January 2024, as part of a major strategic shift, the company decided and announced that it would discontinue its dark web monitoring operations, which were not the core business of the company, to focus more on generative AI. Despite the strategic shift, Syhunt plans to revamp and re-introduce its breach scoring capability in the future.

Improvements in 7.0.13

  • Added checks for LLM-Specific Cross-Site Scripting vulnerabilities. For more details, read our paper on the subject.
  • Significantly improved AJAX crawling capabilities.
  • Added support for Prerendering and Local Storage.
  • Added optional support for Selenium Wire.
  • HTML reports generated with the Complete template now include the response information.
  • Added a new referer-related spider rule to Dynamic.
  • Added option to delete user in the Syhunt web interface.
  • Added additional spider optimizations to Dynamic.
  • Improved AI Login feature: improved success rate after model update.
  • Fixed: false positive related to IFrame Cross-Zone Scripting when analyzing client-side code.
  • Fixed: MDB file processing problem during SAST.

That's all for now. Happy bug hunting!