As software takes on a more social character, security levels are said to be declining. At the beginning of 2009, WASC (Web Application Security Consortium) estimated that 87% of all websites were vulnerable to cyber attacks.
At Shift, to protect overall software quality, we test software against the standard check items for general security testing, and carry out more detailed testing as well.
Issues of Exposure
There is a risk that the web server discloses private files to outside parties. When URLs embedded in one piece of web content load other web content, parameters in those URLs may expose important information and may be tampered with by other web content.
Issues of Echo Back
When web applications contain logic that echoes input back into HTML pages or HTTP response headers, this causes problems such as “script injection” and “cache forgery via HTTP responses.”
Issues of Input
Input parameters that web applications receive may contain malicious content, such as SQL injection and command injection payloads.
Issues of Session
The mechanisms that web applications use to maintain sessions are not always robust. Other parties may be able to interfere with or hijack the session.
Issues of Access Restriction