Language & Framework Support

​

Overview

​

Supported Languages and Frameworks

​

C#

• Native Language Support: Corgea provides robust support for C# language constructs, including LINQ, async/await patterns, and generics.
• Frameworks: .NET, ASP.NET Core, Blazor
• Corgea excels in securing enterprise-level .NET applications, addressing vulnerabilities like improper authentication, insecure deserialization, and CSRF.

​

Python

• Native Language Support: Corgea analyzes Python-specific features such as decorators, context managers, and comprehensions.
• Frameworks: Django, Flask, FastAPI
• Focuses on both web applications and backend services, tackling issues such as SQL injections, XSS, and insecure direct object references.

​

Ruby

• Native Language Support: Corgea understands Ruby’s dynamic nature, including metaprogramming features and blocks.
• Frameworks: Ruby on Rails, Sinatra
• Specializes in identifying and fixing Ruby-specific vulnerabilities, including mass assignment issues, unprotected routes, and insecure file uploads.

​

Go

• Native Language Support: Corgea analyzes Go-specific constructs like goroutines, channels, and interfaces.
• Frameworks: Gin, Echo, Fiber
• Targets Go-specific security concerns, such as race conditions, improper error handling, and insecure use of cryptographic functions.

​

JavaScript & TypeScript

• Native Language Support: Corgea supports both JavaScript and TypeScript, including features like async/await, closures, and TypeScript’s type system.
• Frameworks: Node.js, Express.js, Next.js, NestJS, Angular, React, Vue.js
• Covers both client-side and server-side security, addressing issues like prototype pollution, insecure dependencies, and DOM-based XSS.

​

Java

• Native Language Support: Corgea analyzes Java-specific features such as generics, annotations, and lambda expressions.
• Frameworks: Spring, Jakarta EE, Play Framework
• Focuses on enterprise Java ecosystems, tackling vulnerabilities such as XML external entity (XXE) attacks, LDAP injection, and insecure object deserialization.

​

PHP

• Native Language Support: Corgea handles PHP’s unique syntax and language constructs, including traits and attributes.
• Addresses common web application vulnerabilities like remote code execution, file inclusion vulnerabilities, and SQL injection attacks.

​

Kotlin

• Native Language Support: Corgea analyzes Kotlin-specific features including null safety, coroutines, and extension functions.
• Specializes in Android and server-side application security, addressing issues like improper data exposure and insecure communication.

​

C & C++

• Native Language Support: Corgea handles low-level programming constructs including pointers, memory management, and templates.
• Focuses on memory-related vulnerabilities, buffer overflows, and system-level security issues common in C/C++ applications.
• Enabled for false positive detection and auto-fixing. Coming to scanning soon.

​

Key Features Across All Supported Languages

1. Comprehensive Scanning: Corgea’s advanced algorithms scan your codebase to identify potential security vulnerabilities, covering a wide range of CWEs.
2. Intelligent False Positive Detection: Our AI-powered system accurately distinguishes between genuine vulnerabilities and false positives, saving your team valuable time and resources.
3. Automated Fixing: Corgea doesn’t just identify issues—it provides actionable, context-aware fixes that can be applied automatically or reviewed before implementation.
4. Framework-Specific Analysis: Our tool understands the nuances of different frameworks within each language, providing targeted security insights.
5. Continuous Learning: Corgea’s AI model is constantly updated to address new security threats and CWEs as they emerge.

​

Roadmap

• Swift: To enhance security in iOS and macOS application development, including Swift-specific features like optionals and protocol extensions.