CxPS Release Internal Note (v2.7.0)

Notice

IMPORTANT NOTE

  • This is an internal page for Checkmarx only, and should not be shared with customers, prospects, or partners.

  • Updates in this version are not final and therefore subject to change.

The following release updates are available for CxIAST version 2.7.0.

New Features and Changes

CxIAST version 2.7.0 includes the following new features and changes:

Each entry below gives the category, the feature, and the documentation topic that was changed for it ("Change to Documentation").

Category: Setup & Configuration

  • Version Upgrade: If version 2.6.1 or earlier is installed, clean the database and uninstall that version before installing v2.7.0.
    Change to Documentation: Installing the CxIAST Management Server (v2.7.0)

  • SSL Configuration Tool: Configures secure (SSL/TLS) communication between all CxIAST components automatically.
    Change to Documentation: Installing the CxIAST Management Server (v2.7.0)

  • Manual Agent Configuration Options
    Change to Documentation: Configuring the AUT Environment Server (v2.7.0)

Category: Interface

  • Test Coverage: Lets customers view an estimate of their functional testing coverage.
    Change to Documentation: All Applications (v2.7.0)

  • Vulnerability Face-lift: An improved look-and-feel for the following vulnerabilities:
      • Failed Login Without Audit
      • Successful Login Without Audit
      • CSRF
      • App DOS Database Connections
      • Weak DB Password
    Change to Documentation: All Applications (v2.7.0)

Category: System Management

  • Query Editor: Adds query filtering and text searching capabilities.
    Change to Documentation: Query Management (v3.0.0); Queries (v3.0.0)

  • Log Retention: Periodic deletion of old agent logs.

Category: Node.js

  • Version highlights:
      • Supported versions: Node.js 6 and above
      • All web frameworks supported
      • ECMAScript 6 and earlier
      • Supported databases: MongoDB, MySQL, PostgreSQL
    Change to Documentation: Server Host Requirements (v2.7.0)

Category: C# Support (Alpha Version)

  • Version highlights:
      • Supported frameworks: .NET Framework 4.6 and above
      • Web servers supported: IIS and IIS Express
      • Any web application or REST/SOAP application

  • Supported vulnerabilities:
      • Command Injection
      • SQL Injection
      • Second Order Command Injection
      • Second Order SQL Injection
      • Stored XSS
      • XSS
      • Open Redirect
      • Path Traversal
      • Second Order Path Traversal
      • Insecure Cookie
      • Insecure Outgoing Communication
      • Least Privilege Violation
      • Outgoing Connection Discovery
      • Weak Cryptography
      • Weak DB Password
      • Weak Hashing
      • Weak Random
      • Application Entry Point
    Change to Documentation: Queries (v3.0.0)

Category: Standalone Java Applications

  • Extends Java support to applications that run standalone ("thick client" applications).
  • Out-of-the-box support for REST API applications.

Category: New Java Application Server / Container Support

  • Payara
  • WebSphere
    Change to Documentation: CxIAST User Guide (.pdf)


Known Limitations

Category: Setup & Configuration

.NET Alpha:

  • C# only
  • .NET Framework 4.6 and above
  • A limited number of vulnerabilities
  • Partial support for custom queries

C# Support:

  • The agent is delivered manually (not via the CxIAST UI)
  • Query customization is done manually
  • The next release (v3.0) will include the full C# version

Support for Other Application Types:

  • Other application types (SOAP, Syslog, WebSocket, etc.) are not supported out of the box and require customization.
  • Support will be improved in v3.0

Supported Environments

The following environments have been tested with CxIAST version 2.7.0.

Operating System

  • Windows: 10 (or higher)
  • Windows Server: 2012 (or higher)
  • Linux: any official Linux distribution (macOS is not supported)

SQL Server

  • SQL Server: 2012 *

  * SQL Server Express is supported, but because it is targeted at small-scale installations its use is not recommended.

Application Server

  • Apache Tomcat: 7 (or higher)
  • WildFly: 10.1 (or higher)
  • JBoss EAP: 7 (or higher)
  • Eclipse Vert.x: 3.1 (or higher)
  • WebLogic: 12cR2 (or higher)
  • WebSphere Liberty: 18 (or higher)
  • WebSphere Traditional: 9 (or higher)
  • Jetty: 8 (or higher)
  • Payara: 5 (or higher)

Browsers

  • Microsoft Edge
  • Google Chrome: 43 (or higher)

Build Servers

  • Jenkins: 2.91 (or higher)

Java Version

  • Java: 6 (or higher)

Supported Code Languages

The following code languages can be scanned using CxIAST version 2.7.0:

  • Java
  • Node.js
  • C# *

* Alpha version
