[WEB SECURITY] Announcement: DefenseCode Thunderscan v1.2 WebApp Source Code Security Scanning Release (SAST)

DefenseCode defensecode at defensecode.com
Fri Jan 24 11:13:54 EST 2014


We are proud to present you updated version of our Thunderscan SAST
product for comprehensive
Web Application Source Code Security Scanning.
DefenseCode ThunderScan version 1.2 for Web Application Source Code
Security Analysis is available now.

DefenseCode ThunderScan products are designed for comprehensive security
assessment of web application source code in
order to discover critical security vulnerabilities that hackers could
exploit to compromise web application security.

More information about the product is available here:

ThunderScan v1.2 supported languages:
- ASP.Net C#
- Java/JSP
- VB.Net
- Classic ASP

Thunderscan v1.2 will scan web applications for a wide range of security
vulnerabilities like:
- SQL Injection
- File Disclosure
- Page Inclusion
- Code Injection
- Shell Command Execution
- Cross Site Scripting
- File Manipulation
- Arbitrary File Upload
- Dangerous Configuration Settings
- Arbitrary Server Connection
- XPATH Injection
- LDAP Injection
- HTTP Response Splitting
- Information Leak
- Mail Relay
- Misc. Dangerous Functions
- Dangerous File Extensions
- And more

UPDATE - ThunderScan v1.2 New Features:
- Improved source code scanning speed
- Improved source code scanning coverage
- Implemented additional Java SQL Injection checks
- Improved Java Spring Annotation detection
- Implemented additional Java direct output XSS checks
- Implemented additional PHP security scanning checks
- Improved OO support for PHP scanning
- Implemented additional C# security scanning checks
- Implemented additional heuristis for custom user input functions
- Fixed multiline function definition discovery bug
- Improved OO support for code scanning
- Added additional checks for filtering functions
- Fixed Java and C# data type detection bug
- Improved support for tainted class properties
- Improved support for PHP global variables
- Additional security checks for PHP code injection
- Additional security checks for VB.Net and Classic ASP
- Improved scanning engine heuristic capabilities

Demo run against PHP Mutillidae can be seen here:

We are continuously working on improving our products and keeping them
up to date
so you can be sure that all the latest threats get detected.

Kind Regards
DefenseCode LLC.
ThunderScan - Scan your Web Application For Security Vulnerabilities

More information about the websecurity mailing list