Using Web Security Checker

    Available in Classic and VPC

    This guide explains how to run a web service diagnosis and check the results in the NAVER Cloud Platform console.

    Web Security Checker page

    The basics of using Web Security Checker are as follows.

    Area: Description
    ① Menu name: Name of the menu currently being viewed
    ② Basic features: Features displayed upon the initial entry to the Web Security Checker menu
      • [Create diagnosis task] button: Click to create a new diagnosis task (see Run diagnosis)
      • [Learn more about product] button: Click to go to the Web Security Checker introduction page
      • [Refresh] button: Click to refresh the list of diagnosis tasks
    ③ Search window: Search the task history by diagnostic URL and memo details.
    ④ Search filter: Specify the range of diagnosis tasks to be searched.
    ⑤ Diagnostic task list: The list of the diagnosis tasks executed
      • [Report] button: Click to view the diagnostic report (see Check diagnostic reports)
      • [Create re-diagnosis task] button: Click to re-diagnose the URL (see Run re-diagnosis)
      • [Cancel] button: Click to cancel a reserved diagnosis task (see Cancel Reservation)
      • [Stop] button: Click to stop a diagnosis task in progress (see Stop diagnosis)
      • [Detailed description] button: Click to view a detailed description of the cause when URL collection or diagnosis fails

    Run diagnosis

    The following describes how to conduct web service diagnosis.

    Note
    • Unintended behavior may occur during diagnosis. To prepare for this, it is recommended to run the diagnosis in a test environment rather than a production environment.
    • For a safer diagnosis, set up backups and monitoring before you start. You can also use the resource monitoring service offered by NAVER Cloud Platform (Cloud Insight (VPC)).
    1. From the NAVER Cloud Platform console, click Services > Security > Web Security Checker in that order.
    2. Click the [Create diagnosis task] button.
    3. When the Create a diagnosis task page appears, proceed with the following steps in order.

    1. Enter target information

    Enter a diagnostic target URL and then click the [Check for the ownership status] button.

    • Enter the URL including http:// or https://.
    • If the web server is hosted on another company's infrastructure rather than on NAVER Cloud Platform, perform the following additional tasks.
      • Add an exception for the Web Security Checker IP so that the Web Security Checker scanner is not blocked on the other company's network.
      • Click the [Create and download authentication file] button to download the authentication file and then upload the file to one of the paths listed on the screen.
      • Agree that you may be liable if the web server is not your own.

    2. Enter information to be excluded

    If there is any page or directory to be excluded from the diagnosis, enter it as information to be excluded and then click the [Add] button.

    • You can enter multiple URLs.
    • Click the [Remove] button to remove an entry from the exclusion targets.
    Note

    Pages that you might exclude are as follows.

    • Pages that may greatly affect the web service.
    • Pages where script execution during URL collection or diagnosis must be blocked.

    3. Enter authentication information

    Please enter the authentication information for a web service that requires authentication.

    • Enter the authentication information as an HTTP header.
    • If you don’t need the authentication information, select No input.
    • Log in to the diagnosis target server, copy the Request Header value and paste it into the HTTP Header input field.
    • Click the [View screenshots of authentication results] button to check whether the value entered was applied successfully.
    Note

    If the account used for authentication has admin or equivalent permissions, the risk is higher than with a general account. Make sure to use an account that has been granted only the permissions required.

    4. Reserve schedule

    Set the diagnostic schedule.

    • To start diagnosis immediately, select Immediately.
    • To reserve a diagnosis, select Reservation and then choose the execution date. Reservation is available only within 30 days from the current date.
    Note

    For a safe diagnosis, it is recommended to run it when there are few users on the diagnosis target service.

    5. Set details

    If needed, set the diagnosis items, User Agent and the speed of the diagnosis task.

    • Diagnosis items: Select the vulnerability checklist you want
    • Select User Agent: Select the environment to be diagnosed
    • Speed of the diagnosis task: Select the speed of the diagnosis task
      • The faster the speed of the diagnosis task, the higher the load on the web service.

    6. Set notifications

    To set notification recipients for the events that may occur during diagnosis, click the [Set notification recipients] button and then set recipients in the pop-up window.

    • Select the notification recipient and method and then click the [Add] button to add the recipient.
    • To add new personnel as notification recipients, click the [Manage notification recipients] button at the top right of the pop-up window and then register the recipient information on the page that opens.
    • For more details about the management of the notification recipient group, refer to the Cloud Insight(VPC) Guide.
    • If you have completed setting recipients, click the [Save settings] button.

    7. Complete settings

    If you have completed all the settings, click the [Complete settings] button. Check details in the notification pop-up window and then click the [Complete creating diagnosis task] button.

    • The task is added to the list of diagnosis tasks.
    • Diagnosis starts immediately if you selected immediate execution, and the diagnostic report is displayed after the diagnosis is completed.

    Check diagnostic reports

    The following describes how to check the report that includes diagnostic results.

    1. From the NAVER Cloud Platform console, click Services > Security > Web Security Checker in that order.
    2. In the diagnosis task history, click the [Report] button of the task you want to view.
    3. Check the details in the diagnostic report.
      • You can download the report as a PDF file. Click the [Download PDF] button in the top right corner.
      • Details to be displayed on the report can be edited. Click the [Edit] button at the bottom of the page and then select the information to be displayed in the Details area. Once the edit is completed, click the [Apply] button.

    Stop diagnosis

    A diagnosis task that has started can be stopped. Tasks in the following statuses can be stopped.

    • URL collection pending
    • URL collection in progress
    • Diagnosis in progress

    The following describes how to stop diagnosis.

    1. From the NAVER Cloud Platform console, click Services > Security > Web Security Checker in that order.
    2. Click the [Cancel] or [Stop] button in the column of diagnostic results to be stopped.
    3. In the notification pop-up window, click the [Yes] button.
      • The diagnosis task is stopped.

    Cancel Reservation

    The following describes how to cancel a reserved diagnosis task.

    1. From the NAVER Cloud Platform console, click Services > Security > Web Security Checker in that order.
    2. Click the [Cancel] button in the reserved diagnosis task history.
    3. In the notification pop-up window, click the [Yes] button.
      • The reservation of diagnosis is canceled.

    Run re-diagnosis

    The following describes how to re-diagnose a task that has completed diagnosis.

    1. From the NAVER Cloud Platform console, click Services > Security > Web Security Checker in that order.
    2. Click the [Create re-diagnosis task] button in the diagnosis task history that you’d like to re-diagnose.
    3. When the Create diagnosis task page appears, set up tasks by referring to 2. Enter information to be excluded.
      • The diagnosis target is automatically set to the same URL and is not changed.
    Note

    You can perform the actions above in the same way by using the Web Security Checker API.

