Flawnter Capabilities

Flawnter is a zero-trust application security testing software. It supports Windows, MacOS and Linux platforms. It is a standalone Java application that can be run from the command line or as a GUI, and it requires OpenJDK/Java version 8 or later. Flawnter integrates easily into a CI/CD pipeline and provides robust performance and reporting of findings.


Common security and quality checks:

  • Code Execution (RCE, ACE and more)
  • Injection (Command, SQL, XML, LDAP, DOM, LOG and more)
  • Cross-Site Scripting
  • Buffer Over-read/Over-run/Overflow
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Insufficient Cryptography
  • Insecure Communication
  • Broken Access Control
  • Broken Authentication
  • Hard Coded Passwords
  • Incorrect Function Usage
  • Path Traversal Attacks
  • Trust Boundary Violation
  • Response Splitting
  • File Manipulation
  • Memory Leaks
  • Deadlocks
  • Race Conditions
  • And More

Features:

  • Static Code Analysis for local files and folders
  • Static Code Analysis for GitLab source code repository
  • Static Code Analysis for GitHub source code repository
  • Static Code Analysis for BitBucket source code repository
  • Static Code Analysis for Azure DevOps source code repository
  • DAST (Dynamic Application Security Testing)
  • DAST SSO Testing
  • Software Composition Analysis (SCA)
  • Analysis of Docker container images
  • Analysis of Infrastructure As Code
  • REST API Security Testing
  • Hardcoded Secrets Scanning
  • Malware Scan
  • Kubernetes Scan

Programming languages support:

  • C/C++, C#, ASP.Net, VB, VBScript, Java, Android (Java), JSP, Kotlin, JavaScript, TypeScript, Node.js, PHP, Python,
    Golang, Ruby, Perl, Swift (iOS and MacOS), Objective-C (iOS and MacOS), PL/SQL, T-SQL, XML, YAML, JSON, CFG, PowerShell, Terraform, CloudFormation
  • SAP ABAP using Flawnter extensions

Security and quality coding standards:

  • OWASP Top 10
  • CWE/SANS Top 25
  • PCI DSS
  • NIST 800-53
  • FISMA/FIPS 200
  • SEI CERT Java/C++

Type of reports it generates:

  • HTML full details report
  • HTML simple report
  • XML generic report
  • XML JUnit format report
  • XML NUnit format report
  • JSON format report
  • CSV format report
  • Text format report
  • CycloneDX/SPDX SBOM creation

Flawnter in GUI mode:

Flawnter in CMD mode: Scan a file or folder from the command line. By default, the scan results are written to a folder called scanreport; you can also specify a results path. For example: java -jar flawnter.jar -sast c:\test\code ResultPath.
For usage details, please visit the Documentation page.
Report Summary Findings Sample:

Report Detail Findings Sample:

Download Flawnter