Belue Creative, Information Security Services, Information security management

Diagnose and point out security problems of Web applications

This service diagnoses information security problems in Web applications over the network (vulnerabilities such as XSS, SQL injection, CSRF, open redirect, command injection, inadequate authentication functions, application logic flaws, etc.).

The diagnosis checks whether appropriate security protection measures are in place for personal information and confidential information in the Web application. It reports the security problems detected, their impacts, and recommendations for improvement.
It also supports security standards such as PCI DSS, CIS, and NIST.

Two diagnosis menus are available: the tool-based "Web Lite service" and the "Web Heavy service", which combines tool-based and manual diagnosis. Remote and on-site diagnostic methods are also available, depending on where the diagnostic PC connects from.

The following image shows an overview of Web application vulnerability diagnosis.

Web Application Vulnerability Diagnosis

The main diagnostic items for the Lite diagnosis (by tools) are as follows.

  • Cross site scripting diagnosis
  • SQL injection diagnosis
  • OS command injection
  • Second order attack
  • Forced browsing
  • Error code
  • Cookies without secure attributes
  • Session management issues

The main diagnostic items for the Heavy diagnosis (by tools and manual) are as follows.

  • Cross site scripting diagnosis
  • SQL injection diagnosis
  • OS command injection
  • Second order attack
  • Forced browsing
  • Error code
  • Cookies without secure attributes
  • Session management issues
  • Inadequate access control mechanism
  • Misuse of functions
  • Interference with service
  • Inadequate authentication
  • Inadequate application logic

The following optional menus are available.

  • IPv6
  • Service Stop Attack
  • Brute Force (authentication tolerance)

The following shows the flow of the services.

Web Application Vulnerability Diagnosis