...

Info

Main features of this release are:

  1. Kiuwan CQM (v1.2.XX) and Engine
    • Enhanced support for security in VB.NET (78 new security rules)
    • Enhanced support for security in Objective-C (43 new security rules)
    • Support for SAP HANA - SQLScript (17 new rules for SQLScript)
    • Enhanced support for security in Python (24 new security rules)
    • Recategorization of TypeScript and Angular rules
    • Improved documentation of Java SQL-Injection and XSS rules
    • Bug fixing, performance and reliability improvements in rules for COBOL, ABAP, RPG, Java, JavaScript, Objective-C, JSP, C#, C++ and VB.NET

  2. Kiuwan website
    • New password policy

  3. Kiuwan Insights
    • Enhanced readability of Software License Terms
    • Improved analysis performance and components/vulnerabilities detection

...

  • OPT.VBNET.CodeInjection
  • OPT.VBNET.CodeInjectionWithDeserialization
  • OPT.VBNET.CommandInjection
  • OPT.VBNET.CrossSiteRequestForgery
  • OPT.VBNET.CrossSiteScripting
  • OPT.VBNET.DoSRegexp
  • OPT.VBNET.InsecureRandomness
  • OPT.VBNET.JSONInjection
  • OPT.VBNET.LdapInjection
  • OPT.VBNET.MVCNonActionPublicMethods
  • OPT.VBNET.MVCPostInControllers
  • OPT.VBNET.MVCPreventOverpostingModelDefinition
  • OPT.VBNET.MVCPreventUnderpostingModelComposition
  • OPT.VBNET.MVCPreventUnderpostingModelDefinition
  • OPT.VBNET.MVCRemoveVersionHeader
  • OPT.VBNET.OpenRedirect
  • OPT.VBNET.PathTraversal
  • OPT.VBNET.PotentialInfiniteLoop
  • OPT.VBNET.ResourceLeakDatabase
  • OPT.VBNET.ResourceLeakLdap
  • OPT.VBNET.ResourceLeakStream
  • OPT.VBNET.ResourceLeakUnmanaged
  • OPT.VBNET.SEC.AccessibilitySubversionRule
  • OPT.VBNET.SEC.AnonymousLdapBind
  • OPT.VBNET.SEC.AvoidHostNameChecks
  • OPT.VBNET.SEC.ConnectionStringParameterPollution
  • OPT.VBNET.SEC.CookiesInSecurityDecision
  • OPT.VBNET.SEC.CrossSiteHistoryManipulation
  • OPT.VBNET.SEC.DangerousFileUpload
  • OPT.VBNET.SEC.HardcodedCredential
  • OPT.VBNET.SEC.HardcodedCryptoKey
  • OPT.VBNET.SEC.HardcodedNetworkAddress
  • OPT.VBNET.SEC.HardcodedSalt
  • OPT.VBNET.SEC.HttpParameterPollution
  • OPT.VBNET.SEC.HttpRequestValueShadowing
  • OPT.VBNET.SEC.HttpSplittingRule
  • OPT.VBNET.SEC.ImproperAuthentication
  • OPT.VBNET.SEC.InformationExposureThroughDebugLog
  • OPT.VBNET.SEC.InformationExposureThroughErrorMessage
  • OPT.VBNET.SEC.InsecureEmailTransport
  • OPT.VBNET.SEC.InsecureTransport
  • OPT.VBNET.SEC.LogForging
  • OPT.VBNET.SEC.MailCommandInjection
  • OPT.VBNET.SEC.MainMethodInWebApplication
  • OPT.VBNET.SEC.MissingStandardErrorHandling
  • OPT.VBNET.SEC.NoSQLInjection
  • OPT.VBNET.SEC.PlaintextStorageOfPassword
  • OPT.VBNET.SEC.ProcessControl
  • OPT.VBNET.SEC.ProperPaddingWithPublicKeyCrypto
  • OPT.VBNET.SEC.RegistryManipulation
  • OPT.VBNET.SEC.ResourceInjection
  • OPT.VBNET.SEC.SerializableClassContainingSensitiveData
  • OPT.VBNET.SEC.ServerInsecureTransport
  • OPT.VBNET.SEC.SettingManipulation
  • OPT.VBNET.SEC.StaticDatabaseConnection
  • OPT.VBNET.SEC.TemporaryFilesLeft
  • OPT.VBNET.SEC.TrustBoundaryViolation
  • OPT.VBNET.SEC.UnsafeCookieRule
  • OPT.VBNET.SEC.UnsafeReflection
  • OPT.VBNET.SEC.UnvalidatedAspNetModel
  • OPT.VBNET.SEC.UserControlledSQLPrimaryKey
  • OPT.VBNET.SEC.XMLEntityInjection
  • OPT.VBNET.ServerSideRequestForgery
  • OPT.VBNET.SqlInjection
  • OPT.VBNET.StoredCrossSiteScripting
  • OPT.VBNET.SystemInformationLeak
  • OPT.VBNET.TooMuchOriginsAllowed
  • OPT.VBNET.UncheckedInputInLoopCondition
  • OPT.VBNET.UncheckedReturnValue
  • OPT.VBNET.WeakCryptographicHash
  • OPT.VBNET.WeakEncryption
  • OPT.VBNET.WeakKeySize
  • OPT.VBNET.WeakSymmetricEncryptionAlgorithm
  • OPT.VBNET.WeakSymmetricEncryptionModeOfOperation
  • OPT.VBNET.XMLInjection
  • OPT.VBNET.XPathInjection
  • OPT.VBNET.XQueryInjection
  • OPT.VBNET.XSLTInjection


New Objective-C security rules

  • OPT.OBJECTIVEC.SECURITY.AvoidSMS
  • OPT.OBJECTIVEC.SECURITY.BiometricWithoutMessage
  • OPT.OBJECTIVEC.SECURITY.CommandInjectionRule
  • OPT.OBJECTIVEC.SECURITY.ConnectionStringParameterPollution
  • OPT.OBJECTIVEC.SECURITY.ExecutionAfterRedirect
  • OPT.OBJECTIVEC.SECURITY.HardcodedCryptoKey
  • OPT.OBJECTIVEC.SECURITY.HardcodedIp
  • OPT.OBJECTIVEC.SECURITY.HardcodedUsernamePassword
  • OPT.OBJECTIVEC.SECURITY.HttpParameterPollutionRule
  • OPT.OBJECTIVEC.SECURITY.HttpResponseCachingLeak
  • OPT.OBJECTIVEC.SECURITY.HttpSplittingRule
  • OPT.OBJECTIVEC.SECURITY.InformationExposureThroughErrorMessage
  • OPT.OBJECTIVEC.SECURITY.InsecureTemporaryFile
  • OPT.OBJECTIVEC.SECURITY.KeyboardCachingLeak
  • OPT.OBJECTIVEC.SECURITY.LogForging
  • OPT.OBJECTIVEC.SECURITY.MailCommandInjection
  • OPT.OBJECTIVEC.SECURITY.MissingContentValidation
  • OPT.OBJECTIVEC.SECURITY.MissingPasswordFieldMasking
  • OPT.OBJECTIVEC.SECURITY.NoSQLInjection
  • OPT.OBJECTIVEC.SECURITY.PasswordInCommentRule
  • OPT.OBJECTIVEC.SECURITY.PasswordInConfigurationFile
  • OPT.OBJECTIVEC.SECURITY.PasteboardCachingLeak
  • OPT.OBJECTIVEC.SECURITY.PlaintextStorageInACookieRule
  • OPT.OBJECTIVEC.SECURITY.PotentialInfiniteLoop
  • OPT.OBJECTIVEC.SECURITY.PrivacyViolation
  • OPT.OBJECTIVEC.SECURITY.ResourceInjection
  • OPT.OBJECTIVEC.SECURITY.ScreenCachingLeak
  • OPT.OBJECTIVEC.SECURITY.SensitiveCoreData
  • OPT.OBJECTIVEC.SECURITY.SensitiveDataAccessedFromItunes
  • OPT.OBJECTIVEC.SECURITY.SensitiveNoSQL
  • OPT.OBJECTIVEC.SECURITY.SensitiveSQL
  • OPT.OBJECTIVEC.SECURITY.SensitiveUserDefaults
  • OPT.OBJECTIVEC.SECURITY.SerializableClassContainingSensitiveData
  • OPT.OBJECTIVEC.SECURITY.SerializationInjection
  • OPT.OBJECTIVEC.SECURITY.ServerTrustCredentialCheck
  • OPT.OBJECTIVEC.SECURITY.ThirdPartyKeyboardAllowed
  • OPT.OBJECTIVEC.SECURITY.UncheckedInputInLoopCondition
  • OPT.OBJECTIVEC.SECURITY.UnsafeCookie
  • OPT.OBJECTIVEC.SECURITY.URLSchemeHijacking
  • OPT.OBJECTIVEC.SECURITY.UserControlledSQLPrimaryKey
  • OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationIteration
  • OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationPassword
  • OPT.OBJECTIVEC.SECURITY.XMLInjection

(*) You can find the new rules by comparing this release of CQM against the previous version.

...