Web Vulnerability Assessment

Assessment and Response for Web Service Security Vulnerability

Samsung SDS identifies web service vulnerabilities and provides responses to prevent potential components of security threat, backed by the accumulated know-how. Detailed tests are conducted to detect vulnerabilities, followed by response guidelines on the detected issues.

Overview

  • Effective Assessment & Response

    Based on Samsung SDS’ abundant experience in security operation, detailed assessment is conducted for web vulnerabilities with frequent intrusion and high impact. Response guidelines are provided for the detected issues to preemptively block security threat and securely protect customer data.

  • Efficient Security Control

    Without paying for expensive web vulnerability diagnostics programs or security consulting, the web scanner enables simple and cost-efficient responses to web service security threats. Pre-measures for vulnerabilities also help reduce maintenance cost.

  • Convenient Use

    For security assessment, user-agent settings are available according to the customer’s web service environments, including Internet Explorer and Chrome, as well as
    pre-setting on when to conduct the diagnosis. Detailed information, responses, and sample codes on the discovered vulnerabilities are offered for customers to check diagnosis status and measures.

01

04

Major Assessment Criteria

  • Lacking Input Validation
    File upload/download vulnerability, SQL Injection, Cross-Site Scripting
  • Vulnerable Certificates & Access Control
    Admin page exposure
  • Improper Environment Setting
    Unnescessary method support, directory listing, default page, web server/WAS default password, Frontpage/WebDAV solution ban (limited to IIs)
  • Improper Error Handling
    System data exposure, error page undetermined
  • Exposure of Critical Data
    Exposure via unnecessary files, critical data transfer encryption unapplied
  • Other
    Unnecessary page, OpenSSL version vulnerability

Key Features

  • Review on 16 diagnosis items

    - Apply assessment criteria to minimize impact on service
    - Offer assessment result and response report (number of vulnerabilities, detailed information, etc.)
    - Free inspection on execution after taking measures to identified vulnerability (twice within 1 month after checkup completion)

  • User-Agent setting suitable for web service environments

    - Select according to user environments (e.g. Internet Explorer, Chrome)

  • Diagnosis schedule setting

    - Available 3 workdays after application

Pricing

    • Billing per number of diagnosis
    • Each diagnosis includes review on one URL
Let’s talk

Whether you’re looking for a specific business solution or just need some questions answered, we’re here to help.