Inspection Items | Description | Typical Vulnerabilities |
Items related to user authentication | Checks whether the application can be used without authorization through unauthorized use of services or spoofing. Also checks whether communication is encrypted and whether the server certificate is configured appropriately. | Existence of weak passwords; Inadequate authentication settings; Inadequate password reminders; Validity of SSL certificates; Inadequate HTTP |
Items related to content access authorization | Checks whether inadequate session management, which is used to maintain information for each user, could allow impersonation of legitimate users and leakage of personal information. | Guessable session IDs; Inadequate access control mechanisms; Inadequate session termination processing; Session fixation |
Items related to client-controlled attacks | Checks whether attacks on the browser used by the user make it possible to execute arbitrary scripts or spoof content. | Cross-site scripting; Content spoofing |
Items related to command execution | Investigates program behavior when a user enters character strings and other input not used in normal operation, and checks for possible abnormal service stoppages or leakage of critical information due to unauthorized manipulation of the OS or database. | Buffer overflow; OS command injection; SQL injection; SSI injection; LDAP injection |
Items related to information acquisition | Check for default pages and sample pages attached to web servers and web applications. Also, check for the possibility of unexpected information being exposed by searching for files that are not publicly available. | Server configuration; Directory traversal; Forced browsing and authentication evasion; Presence of unwanted content; Common file extensions |
Items related to exploitation of application functionality | We check for structural and functional weaknesses in the web application and verify the possibility of various types of attacks. | Cross-site request forgery; Newline code injection; Abuse of upload functionality; Abuse of functionality; Denial of service; Failure to prevent automated access |

Diagnostic Items | Investigation and Confirmation Items | Main threats |
Host existence check (host up-check using ICMP packets) | Confirm that the target server exists, mainly by using ICMP packets. | Depending on the ICMP response status, this may give an attacker a clue for an attack. |
Port scan (1 - 65535/tcp,udp) | Check for open ports on the target server. | This is used to determine the status of services that are running, and is used as a preliminary investigation before an unauthorized intrusion or attack. |
Unnecessary service operation | Service operation status is checked. | Running services that are unnecessary from a security standpoint gives attackers many clues for their attacks. |
Obtaining information from running services | Obtain banner information and other information from running services. | Identification of running programs, etc., may be used for unauthorized intrusion or other attacks. |
Known vulnerabilities of OS and application software | Check OS version, security patch application status, etc. | Known vulnerabilities may be used to execute arbitrary commands or carry out denial-of-service attacks. |
Weak password settings | Check for passwords that can be easily guessed for authentication services. | If passwords are easily guessable, there is a possibility of unauthorized system access through spoofing. |
Existence of CGI scripts with known vulnerabilities | Check for the existence of CGI scripts and their versions. | Known vulnerabilities may be used to execute arbitrary commands or obtain internal server information. |
Investigate account policies | If account lockout values, etc. are obtained, evaluate the validity of the settings. | If the setting values are inadequate, password guessing attacks may become easier or the probability of success may increase. |
Known vulnerabilities in various services (FTP service, SSH service, etc.) | Check whether the various services are running older software versions with reported vulnerabilities. | Known vulnerabilities may be exploited to execute arbitrary commands or carry out denial-of-service attacks. |
Possible Denial of Service (DoS) | Check for possible denial-of-service attacks. | This may stop or make it difficult to access the services provided. |
Server configuration problems | Check if the server settings (write permissions, access control settings, etc.) are appropriate from a security perspective. | Inadequate security settings may be used for unauthorized intrusion or other attacks. For example, if write permissions are inadequate, arbitrary files may be created. |
Leakage of private addresses | Check if the response from the target host contains any private addresses, etc. | Leakage of the system's internal network information may be used for unauthorized intrusion or other attacks. |
Availability of DNS zone transfer | Check whether DNS zone transfer is allowed to unspecified hosts. | This makes it easy to identify hosts that may exist in the domain and their usage, which increases the number of attack targets. |
Whether DNS recursive queries are allowed | Check whether DNS recursive queries are allowed. | If DNS recursive queries are allowed, they may be used for DNS server abuse or DDoS attacks against other servers. |
Whether DNS dynamic updates are allowed | Check if DNS records are configured to allow updates. | Users can be directed to malicious sites if arbitrary records are added. |
Whether unauthorized mail relay is possible | Check the mail server's mail relay setting status. | If unauthorized mail relay is possible, it may be used to send spam mail. |
User information leakage via the mail server | Check the commands allowed to users on the mail server and the server's response. | The allowed commands and command response results can be used to identify user information registered in the system, which can be used for password guessing attacks. |
Existence of default content on the Web server | Check for the existence of default content installed at the time of system installation. | If the default content is vulnerable, it may be used for unauthorized intrusion or to obtain information that can be used for attacks. |
Existence of unwanted files | Check for the presence of unwanted files that have been exposed. | The information in the files can give attackers many clues to attack. |
Inadequate Proxy settings | Check if the Proxy server settings are reasonable from a security point of view. | Insecure settings may allow the proxy server to be used as a stepping stone to attack other systems. |
Inappropriate SSL server certificates | Obtain an SSL server certificate and verify that it is trustworthy. | If the SSL server certificate is inadequate, the authenticity of the server cannot be proved, and users may be led to a malicious fake server without being able to recognize it and end up sending information to that server. |
Information Leakage by Error Messages | Send a request that returns an error message and check to see if the error message contains internal server information. | If the error message contains internal server information, the acquired information may be used in an unauthorized intrusion or other attack. |
Worm Infection | Check to see if the server is already infected with a worm. | There is a possibility that it is being used for attacks, unauthorized intrusion, or denial of service. |
Backdoor detection, etc. | Various items are checked to see if backdoors have already been installed. | If there is a backdoor, there is a possibility that the system is already being used illegally. |