Web Application Vulnerability Assessment

What is a Web Application Vulnerability Assessment?

A Web Application Vulnerability Assessment is a service that detects vulnerabilities in web applications owned and managed by the customer.

Web applications, especially the ones published on the internet, are always exposed to the threat of cyberattacks, making the discovery and resolution of vulnerabilities critical.

Our assessment service includes "1. Assessment, 2. Report, 3. Reassessment (optional)," and we provide support until the customer can operate their system with confidence.
We recommend performing this assessment in conjunction with a platform vulnerability assessment to get a comprehensive understanding of your system's vulnerabilities.

We also offer reassessment services (optional) after the initial assessment. We believe it is essential to check whether the vulnerabilities found are appropriately addressed.

What We Can Assess

・Websites (including mobile)
・Web applications (supports various frameworks)
・Web APIs

Assessment Methods

Customers can choose between remote and on-site assessments, depending on their needs. Hybrid assessments are also available.

Remote Assessment

The assessment is performed via the internet from our designated assessment network, evaluating the website or web application remotely.

On-Site Assessment

Our engineers will visit the customer's office or data center and assess the website or web application from within the customer's internal network.

Service Flow

1. Inquiry

Please contact us via our inquiry form or by phone.

2. Estimate

Based on your inquiry, we will provide an estimate.

3. Contract

After confirming the estimate, we will proceed with the contract.

4. Pre-Assessment Preparation

We will interview the customer about the assessment target and set up any equipment or environments required for the assessment.

5. Assessment Execution

We will perform the vulnerability assessment either remotely or on-site.

6. Report Meeting

We will explain the vulnerabilities discovered and the recommended remediation actions based on the assessment results.

7. Reassessment (Optional)

We will check whether the discovered vulnerabilities have been properly addressed.

Assessment Items

This service includes assessments based on OWASP Top 10, OWASP ASVS (Level 1 and above), OWASP Security Testing Guidelines, as well as additional coverage for the latest security risks. Specific assessment items are as follows:

Input/Output Diagnostics

・XSS (Cross-Site Scripting): Inspect whether vulnerabilities exist that allow malicious JavaScript to be embedded due to improper handling of web page output constructed from externally input parameters.
・SQL Injection: Inspect whether vulnerabilities exist that allow database information to be viewed or altered due to improper construction of SQL statements from externally input parameters.
・OS Command Injection: Inspect whether vulnerabilities exist that allow arbitrary, externally specified OS commands to be executed due to improper construction of OS commands in the web application.
・HTTP Header Injection: Inspect whether vulnerabilities exist that allow arbitrary header fields to be inserted into HTTP responses due to improper construction of response headers from externally input parameters.
・Mail Header Injection: Inspect whether vulnerabilities exist that allow unauthorized fields to be added to email headers due to improper message construction when sending email.
・XXE Injection: Inspect whether vulnerabilities exist that allow external entity references to be exploited to leak server files in functionality that processes externally supplied XML.
・LDAP Injection: Inspect whether vulnerabilities exist that allow directory data to be leaked or tampered with due to issues in query construction when using LDAP.
・File Inclusion (LFI/RFI): Inspect whether vulnerabilities exist that allow unintended files to be included due to improper file inclusion handling in functionality that lets the file read by the web application be specified externally.
・Directory Traversal: Inspect whether vulnerabilities exist that allow unintended files to be accessed, viewed, or altered due to improper file access handling using externally input parameters.
・Arbitrary File Upload and Exposure: Inspect whether vulnerabilities exist that allow malicious code to be uploaded due to improper file storage or exposure settings on the server in functionality that accepts file uploads.

Authentication Diagnostics

・Login Form Vulnerabilities: Inspect whether password inputs are properly masked and whether input handling is appropriate on login forms and similar pages.
・Error Message Issues: Inspect whether error messages on authentication failure contain information that could assist in guessing credentials.
・Account Lock Functionality Issues: Inspect whether account lockout mechanisms can be bypassed and whether login attempt limits are set appropriately.
・Logout Functionality Issues: Inspect whether sessions are properly terminated when users log out of services with login functionality.
・Authentication Bypass: Inspect whether vulnerabilities exist that allow login without proper password authentication.
・Password Change or Reset Issues: Inspect whether password changes require entry of the current password and whether the reset process is implemented securely.
・Weak Password Policies: Inspect whether users can set easily guessable passwords.
・Forced Browsing: Inspect whether pages or functionality accessible only after login can be reached directly without authentication.
・Plaintext Transmission of Sensitive Information: Inspect whether sensitive information such as passwords is transmitted in plaintext without encryption such as HTTPS.

Authorization Diagnostics

・Improper Authorization Control (Privilege Escalation): Inspect whether general user accounts can access pages or functionality restricted to administrators.
・Improper Authorization Control: Inspect whether unauthorized third parties can access restricted pages or functionality.

Session Management Diagnostics

・Missing Secure Attribute in Cookies: Inspect whether the Secure attribute is set on session management cookies.
・Session Expiry Settings: Inspect whether session expiration times are excessively long.
・Session ID Randomness Validation: Inspect whether session IDs are properly randomized and cannot be easily guessed.
・Session Fixation: Inspect whether session IDs can be fixed externally, allowing third parties to impersonate users.
・Improper Session Management: Inspect whether the issuance, use, and management of session IDs by the web server can lead to impersonation or information leakage.
・Cross-Site Request Forgery (CSRF): Inspect whether data registration, updates, or deletions can be processed from requests that did not originate from the intended screen.

Server Configuration Diagnostics

・Allowed HTTP Methods: Inspect whether the web server allows any unintended HTTP methods.
・System Information Exposure: Inspect whether HTTP response headers or error messages reveal system or version information.
・Directory Listing: Inspect whether unintended directory listing is enabled, exposing files.
・Admin Panel Detection: Inspect whether administrator login pages or similar can be discovered.
・Known Software Vulnerabilities: Inspect whether known vulnerabilities exist in the software versions (OS, libraries, etc.) used by the web server.
・Unnecessary Files: Inspect whether unnecessary test pages or files are exposed.

Web Application Specifications and Design Diagnostics

・Processing Functionality Issues: Inspect whether processes with specific conditions can be bypassed or whether the system handles unexpected parameters improperly.
・Race Conditions: Inspect whether unintended behaviour occurs when multiple processes access the same resource simultaneously.
・Abuse of Email Sending Functionality: Inspect whether email functionality can be exploited to send spam or phishing emails.
・Cache Control Issues: Inspect whether sensitive information is improperly cached due to misconfigured web server or CDN cache settings.
・Open Redirects: Inspect whether functionality that uses externally input parameters can redirect to arbitrary destinations.
・Server-Side Request Forgery (SSRF): Inspect whether server functionality can be exploited to access or tamper with internal resources.
・Unsafe Deserialization: Inspect whether vulnerabilities exist that allow arbitrary code execution during deserialization of user-supplied serialized objects.
・Plaintext Transmission of Sensitive Information: Inspect whether sensitive information such as passwords or personal data is transmitted without encryption.
・Sensitive Information in URLs: Inspect whether sensitive information such as passwords is included in URLs (e.g., GET parameters).

Client-Side Diagnostics

・Clickjacking: Inspect whether users can be tricked into unintended operations through visual manipulation of UI elements.
・Same-Origin Policy Bypass: Inspect whether protections enforced by the browser's same-origin policy can be circumvented.
・Inappropriate Cross-Origin Resource Sharing (CORS) Policy: Inspect whether improper CORS policy settings allow external scripts to access web application resources.

*If there is a login page, you can provide login credentials, and the login page will also be included in the assessment.
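As an added illustration (not the service's own tooling), the script below runs two of the passive checks from the list above, System Information Exposure and Missing Secure Attribute in Cookies, over a constructed HTTP response, and additionally flags session cookies without HttpOnly. The cookie-name hints and the list of version-bearing headers are assumed heuristics, not a standard.

```python
"""Passive header checks over a captured HTTP response (added example)."""
import re

# Constructed sample response; not captured from any real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Assumed heuristics: cookie names that suggest a session token, and
# headers that commonly carry software version strings.
SESSION_COOKIE_HINTS = ("session", "sess", "sid", "token", "auth")
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def parse_headers(raw):
    """Return [(name_lower, value), ...] from raw HTTP response text."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def check_response(raw):
    """Flag version disclosure and session cookies lacking Secure/HttpOnly."""
    findings = []
    for name, value in parse_headers(raw):
        if name in VERSION_HEADERS and re.search(r"\d+\.\d+", value):
            findings.append(f"system information exposure: {name}: {value}")
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if any(h in cookie_name.lower() for h in SESSION_COOKIE_HINTS):
                if "secure" not in attrs:
                    findings.append(f"missing Secure attribute: {cookie_name}")
                if "httponly" not in attrs:
                    findings.append(f"missing HttpOnly attribute: {cookie_name}")
    return findings


if __name__ == "__main__":
    for finding in check_response(SAMPLE_RESPONSE):
        print(finding)
```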

Reports

The assessment results are provided in an easy-to-understand report. It primarily consists of an executive summary, a detailed breakdown of the findings, and recommended remediation actions.

Tools Used in this Assessment

This service uses a combination of manual and automated diagnostic tools to detect vulnerabilities from various angles.

MUSHIKAGO

Our proprietary automated penetration testing tool, capable of conducting a wide range of tests and vulnerability detection.

Burp Suite Pro

The de facto standard tool for web application assessment, supporting both advanced manual testing and automated vulnerability detection.

OWASP ZAP

A tool for automatically detecting web application vulnerabilities.

Nessus

A tool that offers not only platform diagnostics but also automated web application diagnostics and external attack surface management (ASM) functions.

Engineer Certifications

Our engineers are highly skilled and experienced, and hold certifications such as:

・Information Security Management Specialist
・OffSec certifications (OSCP, etc.)
・PortSwigger certifications (BSCP, etc.)

Pricing

We offer discounted rates when performing a platform assessment in addition to the web application assessment. For more details, please contact us.

Inquiries About the Service

Feel free to contact us with any questions about the service.