Prerequisites for using Web Security Checker
- Print
- PDF
Prerequisites for using Web Security Checker
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in Classic and VPC
Check the supported environments, precautions for using Web Security Checker and usage fee for smooth use of Web Security Checker.
Cloud environment specifications
The following details are the cloud environment specifications supported by Web Security Checker.
| Items | Supported specifications |
|---|---|
| Region (Zone) | Korea, U.S., Hong Kong, Singapore, Japan, and Germany |
| Platform | VPC, Classic |
| Languages | Korean, English, and Japanese |
Note
Please refer to Service Introduction in the NAVER Cloud Platform portal if you would like to know more about VPC environments, and to Ncloud User Environment Guide if you would like to know whether a VPC environment is supported for individual services.
Precautions when using service
Please note that the following situations may occur when using Web Security Checker.
A script that is executed during the URL collection or diagnosis may create files, generate test values, or modify or delete data.
To maximize page collection, while dynamically visiting a page, Web Security Checker itself may click a button or link, resulting in the execution of certain features. This may lead to unintended data changes, deletion or text data input. Although it was designed to maintain stability as much as possible to prevent unexpected data changes from happening, some development code inevitably results in this issue, so prepare proactive measures such as configuring separate testing environments or data backup.An email may be sent to the admin at random.
If a feature that sends emails to an admin is implemented in your web service, then emails where test values are entered may be sent.An increase in traffic can occur during the diagnosis.
The self-developed vulnerability diagnostic algorithm helps Web Security Checker minimize creating more traffic during diagnosis. However, due to its characteristics as a vulnerability diagnosis solution, this service would inevitably generate some additional traffic.A delay in the response time of the website may occur.
For better diagnosis, Web Security Checker sends many HTTP packets to a web server, which may slow down the response time of the website. To work around this issue, several safe methods and an optimized diagnosis algorithm are applied to minimize requests. Therefore, Web Security Checker is more reliable and generates less traffic than other similarly behaving software. Please note that some websites may respond slower depending on how source codes are implemented, though. In particular, if there is any SQL-related vulnerability, then a delay due to a coding error may occur.You may have difficulties in collecting and diagnosing URLs.
Web Security Checker supports the collection of URLs from webpages based on Server-Side Rendering (SSR) and Client-Side Rendering (CSR) and webpages rendered by DOM click events. However, it does not support the collection of URLs requested when events other than clicks occur on SPA websites.False detections may occur.
Thanks to technical know-how accumulated over the years, Web Security Checker has been designed and implemented to find even potential vulnerabilities so as to maximize detection rates. However, because the probability of false detection and non-detection exists due to its characteristics as an automated diagnosis tool, additional validations may be required.
Usage fee
Web Security Checker is a paid plan and its fees are charged according to the number of diagnoses.
For details about the Web Security Checker’s pricing standard, refer to the Services > Security > Web Security Checker menus in the portal or the pricing information by region page.
Was this article helpful?