Release Notes for Quixxi Users:
Usage of Random number generation using Random and SecureRandom with seed value will be identified as vulnerability and it will be reported.
Usage of debug symbols in native binaries will be identified as vulnerability.
Application signature will be validated for v1, v2 and v3 signatures based on the target version
ApplicationManifest.xml and network_security_config.xml will be validated for the clear text traffic flag, if the application allows clear text traffic it will be reported as vulnerability
Application will be validated for usage of HTTPURLConnection class for API request. It will reported as vulnerability.
Application will be validated for usage of DexClassloader class. It will reported as vulnerability
Quixxi will insert a logic to validate the signature of the application during the runtime of the application. If it does not match with the keystore used to sign the application then application will quit.
Users can purchase Android DAST One-off or iOS DAST One-off based on their need. Dropping DAST Monthly plan.
Fixed minor bugs in the UI to enhance the user experience.