Kiuwan Release Announcement – June 3, 2020

We are pleased to announce that on June 3, 2020, Kiuwan released a new update!

This release has many new features, including new rules for Java/JSP and C/C++, plus support for the latest version of Java. We have also added the option of auto-disabling accounts that have been left unused. Read below more about this latest Kiuwan update.

1. Improved Java parser to support version 13 & 14

We have also made language syntax changes for Java 13 and 14:

• Switch Expressions
• Text Blocks
• Pattern Matching for Instanceof
• Records

2. Improved C/C++ technology support

Our analysis engine now has support for the Tainting Propagation Algorithm and the Local Symbol Table, giving us better support for the detection of vulnerabilities.

We have also added 23 new rules and improved many of the existing ones for both C and C++.

3. New Java/JSP rules

We have added 3 new rules:

1. Spring CSRF unrestricted RequestMapping (CWE:352, WASC:9, SANS25:2010:4, OWASP:2013:A8, SANS25:2011:12, PCI-DSS:6.5.1, CWETOP25:2019:9)
2. Improper Neutralization of Input leads to Reflected File Download (CWE:79, OWASP:2017:A1, OWASP:2013:A1, SANS25:2010:9, SANS25:2011:2, OWASP-M:2014:M7, CWETOP25:2019:2)
3. Specify a integrity attribute on the