ThunderScan SAST - DefenseCode

ThunderScan® SAST

STATIC APPLICATION SECURITY TESTING SOLUTION

Attacks on applications present a major risk to any organization’s security.

ThunderScan security audit of application source code is the best approach to ensure that your applications are free of critical vulnerabilities.

In-depth audit on critical vulnerabilities
Easy integration into DevOps environment
Testing requires almost no user input

Why are large enterprises switching to ThunderScan?

Automate security vulnerability testing
Fast, accurate and actionable results
Seamless DevOps and CI/CD integration

Powerful REST API interface
Scalability and cross-platform support
Low false positive rate

Supports a wide range of programming languages
On-premise solution
Standard Compliance reports

ThunderScan® SAST

Attacks on applications present a major risk to any organization's security.

ThunderScan security audit of application source code is the best approach to ensure that your applications are free of critical vulnerabilities.

In-depth audit on critical vulnerabilities
Easy integration into DevOps environment
Testing requires almost no user input

ThunderScan® SAST

The best Alternative to manual code review

ThunderScan can scan millions of source code lines across 29 different programming languages and various programming frameworks within hours or even minutes.

ThunderScan performs fast and accurate analysis of large and complex source code projects, delivering:

Highly precise results
Low false positive rate

Take action and discover your vulnerabilities

ThunderScan® scans for more than 70 different vulnerability types.

Including OWASP Top 10, SANS 25 and CWE

HIGH

SQL Injection
Command Injection
Code Injection
XPath Injection
LDAP Injection
XML External Entity (XXE) Injection
Path/Directory Traversal
Deserialization of Untrusted Data
Server Pages Execution
Server Side Request Forgery
PHP File Inclusion
Buffer Overflow
Integer Overflow
Arbitrary Library Injection
Use After Free
Double Free
Time of Check Time of Use
Uncontrolled Format String
Out of Buffer Bounds Read
Out of Buffer Bounds Write
Insecure Data Storage
Insufficient Transport Layer Protection
Shared Preferences Usage
Man-in-the-Middle Attack

MEDIUM

File Manipulation
Cross-Site Scripting
DOM Based Cross-Site Scripting
HTTP Header Injection
HTTP Response Splitting
Unvalidated/Open Redirect
Regex Denial of Service (ReDoS)
Sleep Denial Of Service
System Properties Change
Session Fixation
Session Poisoning
Integer Underflow
Uncontrolled Memory Allocation
Intents Usage
Arbitrary Code Injection
Application Configuration
Trust Boundary Violation
Location Information

LOW

Hardcoded Password/Credentials
Secret Key In Source
Heap Inspection
Error Messages Information Exposure
Log Forging
Log Messages Information Leak
Console Output
Weak Encryption Strength
Weak Hash Strength
Weak Pseudo-Random
Arbitrary Server Connection
Mail Relay
File Upload
Cookie Injection
Cookie Without 'HttpOnly' Flag
Dangerous File Extensions
Dangerous HTML Embedded
Hidden HTML Input
FTP Command Injection
Mass Assignment
Memcache Injection Vulnerability
Sensitive Database Data Modification
Symlink Vulnerability
System Properties Disclosure

High dev-support level

0 ⁺

Dev environments

0 ⁺

Languages

0 ⁺

Frameworks

C#
JAVA
KOTLIN
PHP
PYTHON
RUBY
GO
JAVASCRIPT / NODE.JS
TYPESCRIPT
GROOVY
C/C++
VB.NET
VISUAL BASIC
VBSCRIPT
ASP CLASSIC
IOS OBJECTIVE C
SWIFT
ANDROID JAVA
COLDFUSION
PLSQL
COBOL
ABAP
SALESFORCE APEX
ASP.NET
JSP
HTML/HTML5
SQL
XML
XAMARIN

ASP.NET
TELERIK
ENTITY FRAMEWORK
J2EE
PYTHON
SPRING BOOT
JAX-RS
JAVA FACES
JAVA BEANS
HIBERNATE
ZEND
CAKE PHP
LARAVEL
CODEIGNITER
FLASK
RUBY ON RAILS
ANGULAR
JQUERY
KNOCKOUT
GRAILS
REVEL
ECHO
IBM DB2
BOTTLE
ASP.NET MVC
HIBERNATE.NET
JSP
SPRING
STRUTS
JAX-WS
JAX-RPC
EJB
WEBSOCKETS
KOHANA
SYMFONY
YII
PHALCON
DJANGO
REACT
NODE.JS
EXPRESSJS
KOA.JS
GORILLA
GIN
BEEGO
BSP
XAMARIN

XML External Entity (XXE) Injection
Path/Directory Traversal
Deserialization of Untrusted Data
Server Pages Execution
Server Side Request Forgery
PHP File Inclusion
Buffer Overflow
Integer Overflow
Arbitrary Library Injection
Use After Free
Double Free
Time of Check Time of Use
Uncontrolled Format String
Out of Buffer Bounds Read
Out of Buffer Bounds Write
Insecure Data Storage
Insufficient Transport Layer Protection
Shared Preferences Usage
Man-in-the-Middle Attack

Unvalidated/Open Redirect
Regex Denial of Service (ReDoS)
Sleep Denial Of Service
System Properties Change
Session Fixation
Session Poisoning
Integer Underflow
Uncontrolled Memory Allocation
Intents Usage
Arbitrary Code Injection
Application Configuration
Trust Boundary Violation
Location Information

Log Messages Information Leak
Console Output
Weak Encryption Strength
Weak Hash Strength
Weak Pseudo-Random
Arbitrary Server Connection
Mail Relay
File Upload
Cookie Injection
Cookie Without 'HttpOnly' Flag
Dangerous File Extensions
Dangerous HTML Embedded
Hidden HTML Input
FTP Command Injection
Mass Assignment
Memcache Injection Vulnerability
Sensitive Database Data Modification
Symlink Vulnerability
System Properties Disclosure
Trust Boundary Violation
Divide By Zero
Use of Inherently Dangerous Function
Use of Insecure Functions
Miscellaneous Dangerous Functions
WebView Implementation
External URL Access
External Data In SQL Queries

Ready to test your applications?

Scalable and flexible licensing

Dedicated 24h support

Cross-platform solutions

Guided on-premise setup