This is to certify that SecIQ Technologies has conducted Static Application Security Testing (SAST) from 17-January-2026 to 30-January-2026 for the uKnowva Convergence Web Application.
Executive Summary
Scope of Testing:
The scope of this assessment was limited to the uKnowva Convergence Web Application source code. The testing focused on identifying security vulnerabilities within the application codebase using static analysis techniques.
The application was analyzed in accordance with OWASP security guidelines, covering authentication, cryptographic controls, injection flaws, session management, and configuration security.
Findings & Summary:
The Static Application Security Testing (SAST) assessment identified vulnerabilities across multiple OWASP categories. All Critical, High, and Medium severity issues have been successfully remediated and verified as Closed during the remediation review.
Additionally, a number of Low-severity observations were identified during the assessment. These are currently being addressed as part of ongoing security improvements and will be validated in subsequent review cycles.
Overall, the application demonstrates a significantly improved security posture, with key risk areas effectively mitigated.
Business-Critical Risks:
The uKnowva Convergence Web Application was identified to have some business-critical risks during the assessment. All critical risks have been closed after remediation.
- It was observed that Hard-Coded Credentials/Secrets could expose sensitive authentication data within the codebase.
- It was observed that Missing Authentication controls could allow unauthorized access to certain functionalities.
- It was observed that Weak Random Number Generation could impact cryptographic strength and security mechanisms.
- It was observed that Unrestricted File Extraction could lead to potential file system compromise.
The above application was tested for compliance with OWASP security guidelines, and the following Critical/High/Medium/Low issues identified as part of the assessment report have been fixed and verified as part of the retesting. Please refer to the table below:

Approach
This assessment was conducted using a static code analysis approach, focusing on identifying vulnerabilities within the application source code without executing the application.
The assessment included automated scanning tools combined with manual validation to ensure the accuracy of findings.
The following phases were covered during this assessment:
- Static Code Analysis (SAST Scan)
- Vulnerability Identification
- Triage and Validation
- Report Generation & Review
Assessment Report (Summary)
All Critical, High, and Medium vulnerabilities identified during the assessment have been successfully remediated and verified as closed.
Minor observations (Low severity) are being addressed as part of continuous security enhancement efforts.
This report is valid until any changes are made in the application code or configuration, or six months from the date of issue, whichever is earlier.



