What's New in Syhunt 7.0.15


December 30, 2024

Syhunt Hybrid 7.0.15 adds SAST for Dart and Flutter apps

Syhunt is excited to announce the addition of Static Application Security Testing (SAST) support for Dart and Flutter to its Syhunt Hybrid product. This long-awaited enhancement empowers developers to scan their Dart and Flutter applications for vulnerabilities with precision and ease, ensuring robust security from the ground up. With this update, Syhunt Hybrid introduces over 160 vulnerability checks specifically designed for Dart and Flutter applications. These comprehensive checks cover a wide range of security issues, including those outlined in the OWASP Mobile Top 10 2024—standards that Syhunt has supported since April. The new checks address critical areas such as secure handling of platform-specific features for iOS and Android, as well as vulnerabilities in Dart code intended to run on the server-side.

This enhancement is especially significant given the rapid growth and popularity of Flutter and Dart in the development community. Flutter, Google’s open-source UI toolkit, is celebrated for enabling the creation of natively compiled, visually stunning applications for mobile, web, and desktop platforms—all from a single codebase. Dart, the language underpinning Flutter, is a modern programming tool that emphasizes developer productivity, offering fast compilation, a rich library ecosystem, and seamless compatibility with Flutter. Together, they form a powerful ecosystem that demands equally robust security measures—something Syhunt Hybrid is now fully equipped to deliver.

Improvements in 7.0.15

  • Added the long-awaited SAST support for the Dart programming language and Flutter framework. This includes a total of 166 security checks, covering a variety of vulnerability categories and the iOS and Android platforms.
  • Improved report translation (replaced references to Syhunt wiki with appropriate descriptions, making the report fully translated).
  • CLI tracker parameter now allows passing a DefectDojo tracker dynamically or modifying an existing one.
  • Fixed: an issue with the scancode CLI command that could cause it to report a conflicting number of vulnerabilities in console output at the end of a scan (this bug did not affect generated reports).
  • Fixed: a casting error message when trying to generate a report through the CLI with an expired license key.
  • Fixed: two false positive cases related to Insecure Salting Weakness and Hardcoded Credentials.

That's all for now. Happy bug hunting!
