...
Main features of this release are:
...
- OPT.OBJECTIVEC.SECURITY.AvoidSMS
- OPT.OBJECTIVEC.SECURITY.BiometricWithoutMessage
- OPT.OBJECTIVEC.SECURITY.CommandInjectionRule
- OPT.OBJECTIVEC.SECURITY.ConnectionStringParameterPollution
- OPT.OBJECTIVEC.SECURITY.ExecutionAfterRedirect
- OPT.OBJECTIVEC.SECURITY.HardcodedCryptoKey
- OPT.OBJECTIVEC.SECURITY.HardcodedIp
- OPT.OBJECTIVEC.SECURITY.HardcodedUsernamePassword
- OPT.OBJECTIVEC.SECURITY.HttpParameterPollutionRule
- OPT.OBJECTIVEC.SECURITY.HttpResponseCachingLeak
- OPT.OBJECTIVEC.SECURITY.HttpSplittingRule
- OPT.OBJECTIVEC.SECURITY.InformationExposureThroughErrorMessage
- OPT.OBJECTIVEC.SECURITY.InsecureTemporaryFile
- OPT.OBJECTIVEC.SECURITY.KeyboardCachingLeak
- OPT.OBJECTIVEC.SECURITY.MailCommandInjection
- OPT.OBJECTIVEC.SECURITY.MissingContentValidation
- OPT.OBJECTIVEC.SECURITY.MissingPasswordFieldMasking
- OPT.OBJECTIVEC.SECURITY.NoSQLInjection
- OPT.OBJECTIVEC.SECURITY.LogForging
- OPT.OBJECTIVEC.SECURITY.PasswordInCommentRule
- OPT.OBJECTIVEC.SECURITY.PasswordInConfigurationFile
- OPT.OBJECTIVEC.SECURITY.PasteboardCachingLeak
- OPT.OBJECTIVEC.SECURITY.PlaintextStorageInACookieRule
- OPT.OBJECTIVEC.SECURITY.PotentialInfiniteLoop
- OPT.OBJECTIVEC.SECURITY.PrivacyViolation
- OPT.OBJECTIVEC.SECURITY.ResourceInjection
- OPT.OBJECTIVEC.SECURITY.ScreenCachingLeak
- OPT.OBJECTIVEC.SECURITY.SensitiveCoreData
- OPT.OBJECTIVEC.SECURITY.SensitiveDataAccessedFromItunes
- OPT.OBJECTIVEC.SECURITY.SensitiveNoSQL
- OPT.OBJECTIVEC.SECURITY.SensitiveSQL
- OPT.OBJECTIVEC.SECURITY.SensitiveUserDefaults
- OPT.OBJECTIVEC.SECURITY.SerializableClassContainingSensitiveData
- OPT.OBJECTIVEC.SECURITY.SerializationInjection
- OPT.OBJECTIVEC.SECURITY.ServerTrustCredentialCheck
- OPT.OBJECTIVEC.SECURITY.ThirdPartyKeyboardAllowed
- OPT.OBJECTIVEC.SECURITY.UncheckedInputInLoopCondition
- OPT.OBJECTIVEC.SECURITY.UnsafeCookie
- OPT.OBJECTIVEC.SECURITY.URLSchemeHijacking
- OPT.OBJECTIVEC.SECURITY.UserControlledSQLPrimaryKey
- OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationIteration
- OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationPassword
- OPT.OBJECTIVEC.SECURITY.XMLInjection
Additional support for detection of NoSQL Injection vulnerabilities
Support has been added to Kiuwan to detect NoSQL Injection vulnerabilities.
In addition to JavaScript, C# and VB.NET, Kiuwan provides support for Java, PHP, Python and Objective-C.
(*) You can find new rules by comparing this release of CQM against the previous version.
...