Syhunt Mobile - List of Application Security Checks
31/01/2020 (18 pages)
This document was generated by Syhunt Mobile version 6.8.0.0.

Supported Languages

Language | Coverage Type
Objective-C, C & C++ (iOS) | SAST
Java (JEE, Android) | SAST
JavaScript Environments (Node.js, Express.js & Koa.js) | SAST
JavaScript Client-Side (Angular & AngularJS) | SAST
Swift (iOS) | SAST
TypeScript (Angular) | SAST
Code Checks for Objective-C, C & C++
Total Checks: 136

Check Name | Risk | CWE

Arbitrary File Manipulation
  Arbitrary File Write (Zip Slip) | high | CWE-22
  Arbitrary File Manipulation Vulnerability | high | CWE-73
  Resource Injection | high | CWE-99

API Misuse & Abuse
  Missing Biometric Auth Operation Justification | low
  SMS Usage | info

Broken Authentication
  Missing Policy Evaluation Check | low
  Insufficient Touch ID Restriction (Biometric Auth) | medium
  Insufficient Authentication Handling | high
  Insecure Credential Initialization | high
  Missing Request Host Check | high
  (CWE reference listed for this group: CWE-287)
Broken Authentication (continued)
  Biometric LocalAuthentication Usage | info | CWE-287

Broken Cryptography
  Insecure Hashing Algorithm | medium | CWE-328
  Empty Cryptographic Key | high | CWE-321
  Empty HMAC Secret Key (Crypto) | high | CWE-321
  Weak PBE Key Generation | high | CWE-321
  Insecure PBE Iteration | high | CWE-916
  User-Defined Salt | high | CWE-328
  Insecure Initialization Vector (Crypto) | high | CWE-329
  Insecure Cryptographic Mode and Initialization Vector | high | CWE-330
  Insecure Cryptographic Mode | high | CWE-327
  Inadequate Cryptographic Key Size | high | CWE-326
  Insecure Cryptographic Algorithm | medium | CWE-327

Code Injection
  JavaScript Code Injection (WebView) | high | CWE-95
  Unsafe Reflection | high | CWE-470

Denial of Service
  Buffer Overflow (Format) | high
  Use of Insecure Legacy C Function | medium | CWE-676
  Buffer Overflow | high
  Buffer Overflow | high
  (additional CWE reference listed for this group: CWE-120)

Hardcoded Sensitive Information
  Hardcoded URI | info
  Unprotected Database or Asset | high | CWE-521
  Hardcoded Cryptographic Key | high | CWE-321

Insecure Communication
  Untrusted HTTPS Certificate Acceptance | high
  Insecure Cookie Creation | low | CWE-1004
  Weak SSL Protocol (Default) | medium | CWE-326
  Weak SSL Protocol | medium | CWE-326
  Insecure HTTP URL | info | CWE-319

Insecure Data Storage
  Synchronized Credential | medium
  Insecure File Storage (Missing Protection) | medium
  Insecure File Storage (Possibly Insufficient Protection) | info
  Unencrypted Database | high
  Insecure Image Storage | low
  HTTP Cache Storage Incorrectly Disabled | high
  Insecure HTTP Response Storage | low
  Insecure HTTP Session Storage | low
  Insecure Storage in Keychain (Missing Protection) | high
  Externally Accessible Keychain | high
  Insecure Storage in Keychain (Possibly Insufficient Protection) | info
  Insecure Storage (Unenforced Passcode Policy) | medium
  Insecure Storage in Keychain (Unspecified Access Policy) | medium
  (CWE references listed for the rows above: CWE-311 (9 entries), CWE-359 (2 entries))
  Inadequate Password Protection | high | CWE-261
  Insecure Storage of Sensitive Information | medium | CWE-256
  Cleartext Storage of Sensitive Information | high | CWE-312
  Sensitive Data Stored in Documents | high | CWE-359

Information Disclosure
  Information Leak | low | CWE-497
  Unprotected Database | high | CWE-521
Information Disclosure (continued)
  Logging of Geolocation Data | medium
  Forced Geolocation Data Transmission | medium
  Insecure Password Input Field | medium | CWE-359
  Insufficient Credential Removal | high
  Logging of Sensitive Information | high
  Insecure Transmission of Sensitive Information | medium
  (additional CWE references listed for this group: CWE-359 (4 entries))

JSON Injection
  JSON Injection | high | CWE-91

Log Forging
  Log Forging Vulnerability | low | CWE-117

Bad Practices
  Request Cache Usage | info
  Missing Default in Switch Statement | low
  Use of Jmp Function | medium
  Insecure String To Number Conversion | low
  Use of Float in Loop | low
  Forcible Application Termination | info | CWE-382
  Goto Statement Usage | low
  Incorrect Temp File or Directory Creation | medium
  Overly-General Catch Clause | low | CWE-396
  offsetof Macro Usage | low

Command Execution
  Command Execution Vulnerability | high | CWE-78

Security Misconfiguration
  Missing Content Validation (IPC) | medium | CWE-501
  Overly Broad Cookie Creation | low | CWE-287
Security Misconfiguration (continued)
  Persistent Cookie Creation | info | CWE-539

SQL Injection
  SQL Injection Vulnerability | high | CWE-89

Uncontrolled Format String
  Uncontrolled Format String | medium | CWE-134

XPath Injection
  XPath Injection Vulnerability | high | CWE-91

Cross-Site Scripting (XSS)
  Cross-Site Scripting (WebView XSS) | high | CWE-79

Code Checks for Objective-C, C & C++ Headers
Total Checks: 1

Check Name | Risk | CWE

Information Disclosure
  Insecure Password Input Field | medium | CWE-359
Code Checks for Java
Total Checks: 315

Check Name | Risk | CWE

Arbitrary File Manipulation
  Arbitrary File Manipulation Vulnerability | high | CWE-73
  Arbitrary File Write (ZIP) | high | CWE-22
  Inappropriate File Access Permissions | info | CWE-276

Broken Authentication
  Insecure Storage of Sensitive Information in Cookie | high
  Insecure Storage of Sensitive Information | medium | CWE-256
  Insecure Facebook Login Handling | medium
Broken Authentication (continued)
  Deprecated FingerprintManager API Usage | medium
  Missing BiometricPrompt Auth Failure Handling | medium
  Missing BiometricPrompt Error Handling | medium
  Missing BiometricPrompt Acquired Handling | medium
  Missing Google Sign In Error Handling | medium
  Missing Biometric Capability Check | medium

Broken Cryptography
  Insecure Randomness | high
  Use of RSA Algorithm without OAEP (Crypto) | medium
  Insecure Random Number Generation | medium
  Insecure Cryptographic Key Comparison | medium
  Insecure Cryptographic Mode | high
  Weak Random Number Generation | medium
  Missing User Confirmation (Crypto) | medium
  Missing unlockedDeviceRequired Flag (Crypto) | medium
  Insecure Cryptographic Algorithm | medium
  Insecure Cryptographic Mode | high
  Inadequate Cryptographic Key Size | high
  Improper Seed of SecureRandom | medium
  Predictable Random Number Generation | medium
  Insecure SHA1 PRNG | medium
  Insecure Cryptographic Mode and Initialization Vector | high
  Custom Cryptographic Algorithm Usage | info
  Insecure Hashing Algorithm | medium
  (CWE references listed for this group, in the order given: CWE-338, CWE-780, CWE-335, CWE-327, CWE-330, CWE-327, CWE-327, CWE-326, CWE-338, CWE-338, CWE-328, CWE-330, CWE-328)

Code Injection
  Code Injection | high | CWE-94
Code Injection (continued)
  Unsafe Reflection | high | CWE-470
  Code Injection (JavaBean) | high | CWE-15
  Insecure URI Rendering (WebView) | high
  JavaScript Code Injection (WebView) | high
  (additional CWE reference listed for this group: CWE-94)

Debug Entry Points
  Leftover Debug Entry Point (Method) | medium | CWE-489

Denial of Service
  External Process Block | medium
  Regular Expression Injection | medium
  (CWE reference listed for this group: CWE-400)

File Inclusion
  File Inclusion Vulnerability | high | CWE-22

Hardcoded Sensitive Information
  Hardcoded URI | info
  Unprotected Database or Asset | high | CWE-521

HTTP Header Injection
  HTTP Header Injection Vulnerability | medium | CWE-113

HTTP Response Splitting
  HTTP Response Splitting Vulnerability | medium | CWE-113

Insecure Communication
  Use of Deprecated Java HttpClient | medium
  Insecure HTTPS Client Usage | medium
  Insecure HTTP Connection | info
  Insecure HTTP URL | info
  Insecure Socket Data Exchange | medium
  Insecure SMTP Connection | medium
  Improper Host Verification | medium
  (CWE references listed for this group, in the order given: CWE-319, CWE-319, CWE-319, CWE-311, CWE-297, CWE-295)
Insecure Communication (continued)
  Insecure Authentication Method | high | CWE-522
  Insecure Cookie Creation | low | CWE-1004
  Weak SSL Protocol | medium | CWE-326

Information Disclosure
  Information Leak | low | CWE-497
  Error Message Information Exposure | low | CWE-209
  Missing Debug Check Call | low
  Insecure Temporary File Cleanup | low | CWE-377
  External Storage Usage | info
  Sensitive Data Stored in External Storage | high
  Logging of Sensitive Information | high
  Insecure Content Context Mode | medium
  Sensitive Data in Global Broadcast | high
  Forced Geolocation Data Transmission | medium
  Unprotected Database | high | CWE-521
  Leftover Debug Code | low | CWE-489
  (additional CWE reference listed for this group: CWE-359)

JSON Injection
  Unsafe Deserialization (Jackson) | high | CWE-502

LDAP Injection
  LDAP Injection Vulnerability | high | CWE-90
  Unprotected LDAP Transaction | high | CWE-521

Log Forging
  Log Forging Vulnerability | low | CWE-117

Bad Practices
  Memory Leak (Static Collection) | low
  Use of Java Array Constant | info | CWE-582