Versions Compared

Old Version 2

changes.mady.by.user Kiuwan Editor User

Saved on

compared with

New Version 3

changes.mady.by.user Kiuwan Editor User

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Main features of this release are:

  1. Kiuwan CQM (v1.2.XX) and Engine

    • Enhanced support for security in VB.NET (78 new security rules)

    • Enhanced support for security in Objective-C (43 new security rules)
    • Further support for NoSQL Injection (added support for Java, PHP, Python and Objective-C)
    • fsdfsfsdf
    • Support for SAP HANA - SQLScript (17 new rules for SQLScript)
    • Enhanced support for security in Python (24 new security rules)
    • Recategorization of TypeScript and Angular rules
    • Improved documentation of Java SQL-Injection and XSS rules
    • Bug fixing, performance and reliability improvements in rules for Cobol, Abap, RPG, Java, JavaScript, ObjetiveC, JPS, C#, C++ and VB.NET

  2. Kiuwan website
    • New passwords policy

  3. Kiuwan Insights
    • Enhanced readability of Software Licenses Terms
    • Improved analysis performance and components/vulnerabilities detection

 

...

  • OPT.OBJECTIVEC.SECURITY.AvoidSMS 
  • OPT.OBJECTIVEC.SECURITY.BiometricWithoutMessage 
  • OPT.OBJECTIVEC.SECURITY.CommandInjectionRule 
  • OPT.OBJECTIVEC.SECURITY.ConnectionStringParameterPollution 
  • OPT.OBJECTIVEC.SECURITY.ExecutionAfterRedirect 
  • OPT.OBJECTIVEC.SECURITY.HardcodedCryptoKey 
  • OPT.OBJECTIVEC.SECURITY.HardcodedIp 
  • OPT.OBJECTIVEC.SECURITY.HardcodedUsernamePassword 
  • OPT.OBJECTIVEC.SECURITY.HttpParameterPollutionRule  
  • OPT.OBJECTIVEC.SECURITY.HttpResponseCachingLeak 
  • OPT.OBJECTIVEC.SECURITY.HttpSplittingRule 
  • OPT.OBJECTIVEC.SECURITY.InformationExposureThroughErrorMessage 
  • OPT.OBJECTIVEC.SECURITY.InsecureTemporaryFile 
  • OPT.OBJECTIVEC.SECURITY.KeyboardCachingLeak 
  • OPT.OBJECTIVEC.SECURITY.MailCommandInjection 
  • OPT.OBJECTIVEC.SECURITY.MissingContentValidation 
  • OPT.OBJECTIVEC.SECURITY.MissingPasswordFieldMasking 
  • OPT.OBJECTIVEC.SECURITY.NoSQLInjection 
  • OPT.OBJECTIVEC.SECURITY.LogForging 
  • OPT.OBJECTIVEC.SECURITY.PasswordInCommentRule 
  • OPT.OBJECTIVEC.SECURITY.PasswordInConfigurationFile 
  • OPT.OBJECTIVEC.SECURITY.PasteboardCachingLeak 
  • OPT.OBJECTIVEC.SECURITY.PlaintextStorageInACookieRule 
  • OPT.OBJECTIVEC.SECURITY.PotentialInfiniteLoop 
  • OPT.OBJECTIVEC.SECURITY.PrivacyViolation 
  • OPT.OBJECTIVEC.SECURITY.ResourceInjection 
  • OPT.OBJECTIVEC.SECURITY.ScreenCachingLeak 
  • OPT.OBJECTIVEC.SECURITY.SensitiveCoreData 
  • OPT.OBJECTIVEC.SECURITY.SensitiveDataAccessedFromItunes 
  • OPT.OBJECTIVEC.SECURITY.SensitiveNoSQL 
  • OPT.OBJECTIVEC.SECURITY.SensitiveSQL 
  • OPT.OBJECTIVEC.SECURITY.SensitiveUserDefaults 
  • OPT.OBJECTIVEC.SECURITY.SerializableClassContainingSensitiveData 
  • OPT.OBJECTIVEC.SECURITY.SerializationInjection 
  • OPT.OBJECTIVEC.SECURITY.ServerTrustCredentialCheck 
  • OPT.OBJECTIVEC.SECURITY.ThirdPartyKeyboardAllowed 
  • OPT.OBJECTIVEC.SECURITY.UncheckedInputInLoopCondition 
  • OPT.OBJECTIVEC.SECURITY.UnsafeCookie 
  • OPT.OBJECTIVEC.SECURITY.URLSchemeHijacking 
  • OPT.OBJECTIVEC.SECURITY.UserControlledSQLPrimaryKey 
  • OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationIteration 
  • OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationPassword 
  • OPT.OBJECTIVEC.SECURITY.XMLInjection

 

Additional support for detection of NoSQL Injection vulnerabilities

Support has been added to Kiuwan to detect NoSQL Injection vulnerabilities.

Additionaly to JavaScript, C# and VB.NET, Kiuwan provides support for Java, PHP, Python and Objective-C.

 

 

 

 

(*) You can find new rules by comparing this release of CQM against previous version.  

...