Web Security Checker concept

    Available in Classic and VPC

    This page describes the diagnostic methods and diagnostic reports of Web Security Checker so that the service is easy to understand and use.

    Web vulnerabilities

    Web vulnerabilities are security vulnerabilities that exist in the source code and operation method of web applications and can occur when operating or using web services.
    Web Security Checker mainly diagnoses the vulnerabilities that hackers use most and those that can cause the greatest damage when an attack succeeds.
    XSS, SQL Injection, XXE and SSRF can currently be diagnosed, and the list of vulnerabilities that can be diagnosed will continue to be updated. For detailed descriptions of the vulnerabilities that can be diagnosed, refer to the Services > Security > Web Security Checker menus in the portal.

    Diagnostic methods

    Web Security Checker conducts a diagnosis as follows.

    • The diagnosis starts once you enter the information needed for diagnosis in the console. Enter the diagnosis target information in URL format, including http:// or https://.
    • It crawls the URLs in the target website and thoroughly collects the URLs to inspect.
    • It sends elaborately configured HTTP packets to the collected URLs and analyzes the response values to detect vulnerabilities.
    • It presents appropriate countermeasures against the detected vulnerabilities.
    • Because all the procedures are carried out 100% automatically, vulnerabilities that are difficult for humans to find can be found rapidly and in detail.
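
    The first two steps above (a target given as an http:// or https:// URL, then collecting the URLs of that site to inspect) can be illustrated as follows. This is an added example, not Web Security Checker's own code; the function names, the same-origin scoping rule and the sample page are assumptions made for illustration.

```python
# Added illustration; the service's own crawler logic is not documented on this page.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urldefrag

def parse_target(target):
    """Accept only targets written as a URL that includes http:// or https://."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("target must be a URL starting with http:// or https://")
    return parts

def origin(parts):
    """(scheme, host, port) with default ports filled in, used to compare sites."""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)

class LinkCollector(HTMLParser):
    """Collects href, src and form action values from one HTML page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)

def collect_inspection_urls(target, page_url, html):
    """Return the sorted, de-duplicated URLs on a page that belong to the target site."""
    site = origin(parse_target(target))
    collector = LinkCollector()
    collector.feed(html)
    found = set()
    for link in collector.links:
        absolute, _fragment = urldefrag(urljoin(page_url, link))
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and parts.hostname and origin(parts) == site:
            found.add(absolute)  # off-site, mailto: and javascript: links are skipped
    return sorted(found)

# Constructed sample page (not taken from the service or from any real site).
SAMPLE_HTML = """
<a href="/board/view?id=3">post</a> <a href="view?id=3#top">same post</a>
<form action="/search"><input name="q"></form>
<a href="https://cdn.example.net/lib.js">third party</a>
<a href="mailto:admin@shop.example.com">mail</a> <a href="javascript:void(0)">noop</a>
"""

if __name__ == "__main__":
    print("\n".join(collect_inspection_urls("https://shop.example.com", "https://shop.example.com/board/", SAMPLE_HTML)))
```

    Keeping collection limited to the origin of the entered target means that links to third-party hosts found on a page are never added to the list of URLs to inspect.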

    Diagnostic report

    After the vulnerability diagnosis, you’ll receive a report that integrates the diagnostic results. The report includes information related to the diagnosis task, such as the diagnosis target, diagnosis time and login information, and the type, risk level and number of vulnerabilities. It also provides detailed countermeasures along with detailed descriptions of the detected vulnerabilities, the locations where they were found and the HTTP packets used to verify them.
    Diagnostic reports can be viewed by connecting to the console, and if you set up notifications when creating a diagnostic task, you can receive notifications via email and SMS when a diagnostic report is created.

    Note

    You can view sample diagnostic reports in the Naver Cloud Platform portal. For more details, refer to the Services > Security > Web Security Checker menus in the portal.

