Web Security Checker prerequisites

Prev Next

Available in Classic and VPC

Check the supported environments, precautions for using Web Security Checker and usage fee for smooth use of Web Security Checker.

Cloud environment specifications

The cloud environment specifications supported by Web Security Checker are as follows:

Item Specifications
Region (zone) Korea, U.S., Singapore, Japan, and Germany
Platform VPC, Classic
Languages Korean, English, and Japanese
Note

For more information on the VPC environment, see Service introduction on the NAVER Cloud Platform portal, and for more information on whether the VPC environments are supported for each service, see Ncloud user environment guide.

Precautions when using the service

Note that the following situations may occur when using Web Security Checker.

  • A script that is executed during the URL collection or diagnosis may create files, generate test values, or modify or delete data.
    To maximize page collection, while dynamically visiting a page, Web Security Checker itself may click a button or link, resulting in the execution of certain features. This may lead to unintended data changes, deletion or text data input. Although it was designed to maintain stability as much as possible to prevent unexpected data changes from happening, some development code inevitably results in this issue, so prepare proactive measures such as configuring separate testing environments or data backup.

  • An email may be sent to the admin at random.
    If a feature that sends emails to an admin is implemented in your web service, then emails where test values are entered may be sent.

  • An increase in traffic can occur during the diagnosis.
    The self-developed vulnerability diagnostic algorithm helps Web Security Checker minimize creating more traffic during diagnosis. However, due to its characteristics as a vulnerability diagnosis solution, this service would inevitably generate some additional traffic.

  • A delay in the response time of the website may occur.
    For better diagnosis, Web Security Checker sends many HTTP packets to a web server, which may slow down the response time of the website. To work around this issue, several safe methods and an optimized diagnosis algorithm are applied to minimize requests. Therefore, Web Security Checker is more reliable and generates less traffic than other similarly behaving software. Note that some websites may respond slower depending on how source codes are implemented, though. In particular, if there is any SQL-related vulnerability, then a delay due to a coding error may occur.

  • You may have difficulties in collecting and diagnosing URLs.
    Web Security Checker supports the collection of URLs from web pages based on Server-Side Rendering (SSR) and Client-Side Rendering (CSR) and web pages rendered by DOM click events. However, it does not support the collection of URLs requested when events other than clicks occur on SPA websites.

  • False detections may occur.
    Thanks to technical know-how accumulated over the years, Web Security Checker has been designed and implemented to find even potential vulnerabilities so as to maximize detection rates. However, because the probability of false detection and non-detection exists due to its characteristics as an automated diagnosis tool, additional validations may be required.

Pricing information

Web Security Checker is a paid plan and its fees are charged according to the number of diagnoses.
For detailed pricing information about Web Security Checker, refer to Service > Security > Web Security Checker on the portal.

Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.