31/01/2020 (18 pages)

Syhunt Mobile - List of Application Security Checks

This document was generated by Syhunt Mobile version 6.8.0.0.

Supported Languages

Language | Coverage Type
Objective-C, C & C++ (iOS) | SAST
Java (JEE, Android) | SAST
JavaScript Environments (Node.js, Express.js & Koa.js) | SAST
JavaScript Client-Side (Angular & AngularJS) | SAST
Swift (iOS) | SAST
TypeScript (Angular) | SAST

Code Checks for Objective-C, C & C++

Total Checks: 136

Check Name | Risk | CWE   (- = no CWE aligned to this row)

Arbitrary File Manipulation
  Arbitrary File Write (Zip Slip) | high | 22
  Arbitrary File Manipulation Vulnerability | high | 73
  Resource Injection | high | 99

API Misuse & Abuse
  Missing Biometric Auth Operation Justification | low | -
  SMS Usage | info | -

Broken Authentication
  Missing Policy Evaluation Check | low | -
  Insufficient Touch ID Restriction (Biometric Auth) | medium | -
  Insufficient Authentication Handling | high | -
  Insecure Credential Initialization | high | -
  Missing Request Host Check | high | -
  Biometric LocalAuthentication Usage | info | 287
  CWE 287 is listed once for the first five rows of this category, without row alignment.

Broken Cryptography
  Insecure Hashing Algorithm | medium | 328
  Empty Cryptographic Key | high | 321
  Empty HMAC Secret Key (Crypto) | high | 321
  Weak PBE Key Generation | high | 321
  Insecure PBE Iteration | high | 916
  User-Defined Salt | high | 328
  Insecure Initialization Vector (Crypto) | high | 329
  Insecure Cryptographic Mode and Initialization Vector | high | 330
  Insecure Cryptographic Mode | high | 327
  Inadequate Cryptographic Key Size | high | 326
  Insecure Cryptographic Algorithm | medium | 327

Code Injection
  JavaScript Code Injection (WebView) | high | 95
  Unsafe Reflection | high | 470

Denial of Service
  Buffer Overflow (Format) | high | 120
  Use of Insecure Legacy C Function | medium | 676
  Buffer Overflow | high | -
  Buffer Overflow | high | -

Hardcoded Sensitive Information
  Hardcoded URI | info | -
  Unprotected Database or Asset | high | 521
  Hardcoded Cryptographic Key | high | 321

Insecure Communication
  Untrusted HTTPS Certificate Acceptance | high | -
  Insecure Cookie Creation | low | 1004
  Weak SSL Protocol (Default) | medium | 326
  Weak SSL Protocol | medium | 326
  Insecure HTTP URL | info | 319

Insecure Data Storage
  Synchronized Credential | medium | -
  Insecure File Storage (Missing Protection) | medium | -
  Insecure File Storage (Possibly Insufficient Protection) | info | -
  Unencrypted Database | high | -
  Insecure Image Storage | low | -
  HTTP Cache Storage Incorrectly Disabled | high | -
  Insecure HTTP Response Storage | low | -
  Insecure HTTP Session Storage | low | -
  Insecure Storage in Keychain (Missing Protection) | high | -
  Externally Accessible Keychain | high | -
  Insecure Storage in Keychain (Possibly Insufficient Protection) | info | -
  Insecure Storage (Unenforced Passcode Policy) | medium | -
  Insecure Storage in Keychain (Unspecified Access Policy) | medium | -
  Inadequate Password Protection | high | 261
  Insecure Storage of Sensitive Information | medium | 256
  Cleartext Storage of Sensitive Information | high | 312
  Sensitive Data Stored in Documents | high | 359
  CWE values listed for the first thirteen rows of this category, without row alignment: 311, 311, 311, 311, 311, 311, 311, 359, 359, 311, 311

Information Disclosure
  Information Leak | low | 497
  Unprotected Database | high | 521
  Logging of Geolocation Data | medium | -
  Forced Geolocation Data Transmission | medium | -
  Insecure Password Input Field | medium | -
  Insufficient Credential Removal | high | -
  Logging of Sensitive Information | high | -
  Insecure Transmission of Sensitive Information | medium | -
  CWE 359 is listed five times for the last six rows of this category, without row alignment.

JSON Injection
  JSON Injection | high | 91

Log Forging
  Log Forging Vulnerability | low | 117

Bad Practices
  Request Cache Usage | info | -
  Missing Default in Switch Statement | low | -
  Use of Jmp Function | medium | -
  Insecure String To Number Conversion | low | -
  Use of Float in Loop | low | -
  Forcible Application Termination | info | 382
  Goto Statement Usage | low | -
  Incorrect Temp File or Directory Creation | medium | -
  Overly-General Catch Clause | low | 396
  offsetof Macro Usage | low | -

Command Execution
  Command Execution Vulnerability | high | 78

Security Misconfiguration
  Missing Content Validation (IPC) | medium | 501
  Overly Broad Cookie Creation | low | 287
  Persistent Cookie Creation | info | 539

SQL Injection
  SQL Injection Vulnerability | high | 89

Uncontrolled Format String
  Uncontrolled Format String | medium | 134

XPath Injection
  XPath Injection Vulnerability | high | 91

Cross-Site Scripting (XSS)
  Cross-Site Scripting (WebView XSS) | high | 79

Code Checks for Objective-C, C & C++ Headers

Total Checks: 1

Check Name | Risk | CWE

Information Disclosure
  Insecure Password Input Field | medium | 359

Code Checks for Java

Total Checks: 315

Check Name | Risk | CWE   (- = no CWE aligned to this row)

Arbitrary File Manipulation
  Arbitrary File Manipulation Vulnerability | high | 73
  Arbitrary File Write (ZIP) | high | 22
  Inappropriate File Access Permissions | info | 276

Broken Authentication
  Insecure Storage of Sensitive Information in Cookie | high | -
  Insecure Storage of Sensitive Information | medium | 256
  Insecure Facebook Login Handling | medium | -
  Deprecated FingerprintManager API Usage | medium | -
  Missing BiometricPrompt Auth Failure Handling | medium | -
  Missing BiometricPrompt Error Handling | medium | -
  Missing BiometricPrompt Acquired Handling | medium | -
  Missing Google Sign In Error Handling | medium | -
  Missing Biometric Capability Check | medium | -

Broken Cryptography
  Insecure Randomness | high | 338
  Use of RSA Algorithm without OAEP (Crypto) | medium | 780
  Insecure Random Number Generation | medium | -
  Insecure Cryptographic Key Comparison | medium | -
  Insecure Cryptographic Mode | high | -
  Weak Random Number Generation | medium | -
  Missing User Confirmation (Crypto) | medium | -
  Missing unlockedDeviceRequired Flag (Crypto) | medium | -
  Insecure Cryptographic Algorithm | medium | -
  Insecure Cryptographic Mode | high | -
  Inadequate Cryptographic Key Size | high | -
  Improper Seed of SecureRandom | medium | -
  Predictable Random Number Generation | medium | -
  Insecure SHA1 PRNG | medium | -
  Insecure Cryptographic Mode and Initialization Vector | high | -
  Custom Cryptographic Algorithm Usage | info | -
  Insecure Hashing Algorithm | medium | -
  CWE values listed for the rows after the first two of this category, without row alignment: 335, 327, 330, 327, 327, 326, 338, 338, 328, 330, 328

Code Injection
  Code Injection | high | 94
  Unsafe Reflection | high | 470
  Code Injection (JavaBean) | high | -
  Insecure URI Rendering (WebView) | high | -
  JavaScript Code Injection (WebView) | high | -
  CWE values listed for the last three rows of this category, without row alignment: 15, 94

Debug Entry Points
  Leftover Debug Entry Point (Method) | medium | 489

Denial of Service
  External Process Block | medium | 400
  Regular Expression Injection | medium | -

File Inclusion
  File Inclusion Vulnerability | high | 22

Hardcoded Sensitive Information
  Hardcoded URI | info | -
  Unprotected Database or Asset | high | 521

HTTP Header Injection
  HTTP Header Injection Vulnerability | medium | 113

HTTP Response Splitting
  HTTP Response Splitting Vulnerability | medium | 113

Insecure Communication
  Use of Deprecated Java HttpClient | medium | -
  Insecure HTTPS Client Usage | medium | -
  Insecure HTTP Connection | info | -
  Insecure HTTP URL | info | -
  Insecure Socket Data Exchange | medium | -
  Insecure SMTP Connection | medium | -
  Improper Host Verification | medium | -
  Insecure Authentication Method | high | 522
  Insecure Cookie Creation | low | 1004
  Weak SSL Protocol | medium | 326
  CWE values listed for the first seven rows of this category, without row alignment: 319, 319, 319, 311, 297, 295

Information Disclosure
  Information Leak | low | 497
  Error Message Information Exposure | low | 209
  Missing Debug Check Call | low | -
  Insecure Temporary File Cleanup | low | 377
  External Storage Usage | info | -
  Sensitive Data Stored in External Storage | high | -
  Logging of Sensitive Information | high | -
  Insecure Content Context Mode | medium | -
  Sensitive Data in Global Broadcast | high | -
  Forced Geolocation Data Transmission | medium | -
  Unprotected Database | high | 521
  Leftover Debug Code | low | 489
  CWE 359 is listed once for the six rows from External Storage Usage to Forced Geolocation Data Transmission, without row alignment.

JSON Injection
  Unsafe Deserialization (Jackson) | high | 502

LDAP Injection
  LDAP Injection Vulnerability | high | 90
  Unprotected LDAP Transaction | high | 521

Log Forging
  Log Forging Vulnerability | low | 117

Bad Practices
  Memory Leak (Static Collection) | low | -
  Use of Java Array Constant | info | 582
