3rd February 2023

Release Notes for Quixxi Users:

 

  1. Random number generator validation on DAST Scan (Android)

Random number generation using Random and SecureRandom with a seed value will be identified as a vulnerability and reported.

  2. Native binaries contain debug symbols (SAST Android)

Debug symbols in native binaries will be identified as a vulnerability.

  3. Application signature verification (SAST Android)

The application signature will be validated for v1, v2 and v3 signatures based on the target version.

  4. Clear text traffic is allowed in application (SAST Android)

AndroidManifest.xml and network_security_config.xml will be validated for the clear text traffic flag. If the application allows clear text traffic, it will be reported as a vulnerability.

  5. Application uses HttpURLConnection (SAST Android)

The application will be validated for usage of the HttpURLConnection class for API requests. It will be reported as a vulnerability.

  6. Application uses DexClassLoader (SAST Android)

The application will be validated for usage of the DexClassLoader class. It will be reported as a vulnerability.

  7. Application resigning prevention (Shield Android)

Quixxi will insert logic to validate the signature of the application at runtime. If it does not match the keystore used to sign the application, the application will quit.

  8. Users can purchase Android and iOS DAST Scan plans separately

Users can purchase Android DAST One-off or iOS DAST One-off based on their need. The DAST Monthly plan is being dropped.

  9. Minor text changes and bug fixes to enhance the user experience

Fixed minor bugs in the UI to enhance the user experience.
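For the clear text traffic check described above, the following added example (not Quixxi's code) shows what such a validation looks for in the two files. It assumes the manifest has already been decoded to text XML; the function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs: decoded (text) XML, not from a real application.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="33"/>
  <application android:usesCleartextTraffic="true"
               android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""

NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""


def manifest_findings(manifest_xml):
    """Report a cleartext flag that is set explicitly or enabled by default."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    flag = app.get(ANDROID + "usesCleartextTraffic") if app is not None else None
    if flag == "true":
        return ['manifest: android:usesCleartextTraffic="true"']
    if flag is None and target <= 27:
        # The platform default is "true" when targeting API level 27 or lower.
        return [f"manifest: flag unset, targetSdkVersion {target} defaults to cleartext"]
    return []


def nsc_findings(nsc_xml):
    """Report each base-config/domain-config that explicitly permits cleartext."""
    findings = []
    for node in ET.fromstring(nsc_xml).iter():
        if node.tag not in ("base-config", "domain-config"):
            continue
        if node.get("cleartextTrafficPermitted") == "true":
            domains = [d.text.strip() for d in node.findall("domain") if d.text]
            scope = ", ".join(domains) if domains else "all hosts"
            findings.append(f"network_security_config: {node.tag} permits cleartext for {scope}")
    return findings


if __name__ == "__main__":
    for finding in manifest_findings(MANIFEST) + nsc_findings(NSC):
        print(finding)
```

On Android 7.0 (API level 24) and above the manifest flag is ignored when a network security config is present, so the per-domain entries in network_security_config.xml are the ones that decide the effective behaviour.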

