Use of debug symbols in native binaries will be identified as a vulnerability.
Application signature verification (SAST Android)
The application signature will be validated for v1, v2 and v3 signatures based on the target version.
Clear text traffic is allowed in application. (SAST Android)
ApplicationManifest.xml and network_security_config.xml will be validated for the clear text traffic flag. If the application allows clear text traffic, it will be reported as a vulnerability.
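A check of this kind can be sketched as follows. This is an added example, not Quixxi's implementation: it flags only explicit `android:usesCleartextTraffic="true"` in the manifest and `cleartextTrafficPermitted="true"` in the network security config, does not model platform defaults by target SDK, and runs on constructed sample files.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample inputs (not taken from any real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application android:usesCleartextTraffic="true"
      android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""

SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""


def manifest_findings(manifest_xml):
    """Report an explicit android:usesCleartextTraffic="true" on <application>."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    flag = app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic")
    if flag is not None and flag.lower() == "true":
        return ["manifest: usesCleartextTraffic=true"]
    return []


def nsc_findings(nsc_xml):
    """Report base-config / domain-config elements that permit cleartext."""
    findings = []
    for elem in ET.fromstring(nsc_xml).iter():
        if elem.tag not in ("base-config", "domain-config"):
            continue
        if (elem.get("cleartextTrafficPermitted") or "").lower() != "true":
            continue
        # A domain-config applies to its listed domains; base-config to all hosts.
        domains = [d.text.strip() for d in elem.findall("domain") if d.text]
        scope = ", ".join(domains) if domains else "all hosts"
        findings.append(f"{elem.tag}: cleartext permitted for {scope}")
    return findings


def scan(manifest_xml, nsc_xml=None):
    """Combine findings from the manifest and, if present, the network config."""
    findings = manifest_findings(manifest_xml)
    if nsc_xml:
        findings += nsc_findings(nsc_xml)
    return findings
```

On the sample input, a per-domain exception is reported even though the base config disables cleartext, which is the case a manifest-only check would miss.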
Application uses HttpURLConnection (SAST Android)
The application will be checked for use of the HttpURLConnection class for API requests. It will be reported as a vulnerability.
Application uses DexClassLoader (SAST Android)
The application will be checked for use of the DexClassLoader class. It will be reported as a vulnerability.
Application re-signing prevention (Shield Android)
Quixxi will insert logic to validate the application's signature at runtime. If it does not match the keystore used to sign the application, the application will quit.
Users can purchase Android and iOS DAST Scan plans separately
Users can purchase Android DAST One-off or iOS DAST One-off based on their need. The DAST Monthly plan is being dropped.
Minor text changes and bug fixes to enhance the user experience
Fixed minor bugs in the UI to enhance the user experience.
Rajesh Kumar
Release Notes for Quixxi Users:
Random number generation using Random and SecureRandom with a seed value will be identified as a vulnerability and reported.