Lucent Sky AVM 3.5 release information

2018/12/26

This article lists the new features and bug fixes included in Lucent Sky AVM 3.5, as well as the known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 3.5 released.

New features and updates included in Lucent Sky AVM 3.5

  • Mitigation algorithms general availability update - The general availability (GA) update focuses on making remediation more accurate. As a result, some vulnerabilities that previously had no remediation available or a low mitigation confidence score should have confident remediation available (a re-scan is required). As a GA update, it will be enabled for all scans done in Lucent Sky AVM 3.5.

  • Mitigation algorithms preview update - The preview update enables remediation on additional vulnerabilities and should improve the remediation rate of vulnerabilities such as cross-site scripting and privacy violation in .NET web applications. As a preview update, it is only available on Lucent Sky AVM instances with preview features enabled and will only be enabled with the scan argument mitigation,preview. To enable preview features on your Lucent Sky AVM instances, join the Lucent Sky AVM Preview Program.

  • Mobile app analysis engine improvements - Lucent Sky AVM is now capable of identifying buffer overflow (CWE-120) and use of dangerous function (CWE-242) in mobile apps developed with iOS (Objective-C), as well as identifying additional variations of use of broken or risky cryptographic algorithm (CWE-327) in all supported technology stacks.

  • Minor UI updates - Minor UI updates were included in this release to improve Web UI usability, such as providing more license details.

List of fixes included in Lucent Sky AVM 3.5

No fixes were included in Lucent Sky AVM 3.5.

Known issues of Lucent Sky AVM 3.5

Scanning Java GUI applications

Certain vulnerabilities are no longer identified in Java GUI applications (such as those developed with Swing or SWT). This is due to a bug in the built-in analysis rules shipped with Lucent Sky AVM 3.5.

A hotfix is available for this issue. If you plan to scan Java GUI applications using Lucent Sky AVM 3.5, please obtain the hotfix from Lucent Sky support.

This issue has been resolved in Lucent Sky AVM 3.6.

Generating reports and mitigated source code of ASP.NET applications

If an ASP.NET application contains vulnerabilities involving .aspx files, the paths of these .aspx files are displayed incorrectly on the Web UI and in HTML/PDF/XML reports. Furthermore, if the Instant Fixes of these vulnerabilities are in the .aspx files, these Instant Fixes will not be included when generating mitigated source code.

This issue only affects .aspx files. Code-behind files (such as .aspx.cs and .aspx.vb) and Razor files (.cshtml and .vbhtml) are not affected.

A hotfix is available for this issue. If you are experiencing this issue, please obtain the hotfix from Lucent Sky support.

This issue has been resolved in Lucent Sky AVM 3.6.