Vulnerability Categories
Web Application Security Checks
The information in this document applies to Syhunt Hybrid version 6.9.
Syhunt's database is the culmination of Syhunt's many years of research and, as shown below, contains checks for a very broad range of web application security threats.
Check items
Check
CWE
Authentication Vulnerabilities
  - Authentication Bypass / Broken Authentication through Dynamic Analysis
  - Authentication Bypass / Broken Authentication through Source Code Analysis
  - Automated Authentication Brute Force (Form & HTTP-Based)
  - Password Disclosure
  - Unencrypted Login
  - Insecure Salting through Source Code Analysis

Broken Cryptography
  - Insecure Hashing Algorithms through Source Code Analysis
  - Insecure Cryptographic Algorithms through Source Code Analysis
  - Insecure Randomness through Source Code Analysis
  - Weak Protocols through Source Code Analysis
  - Weak Password Hashing through Source Code Analysis

Breach Confirmation
  - Breach Confirmation through Dynamic Analysis
  - Breach Confirmation through Source Code Analysis
  - Breach Confirmation through Web Server Log Analysis

Hidden Debug Parameter Discovery through Dynamic Analysis
Hidden Debug Parameter Discovery through Source Code Analysis
Hidden Debug Parameter Discovery and Injection through Hybrid Analysis

Inappropriate Content Detection

Malicious Content Detection
  - Web-Based Backdoor Detection through Dynamic Analysis
  - Web-Based Backdoor Detection through Source Code Analysis

Command Execution
  - Command Execution through Dynamic Analysis
  - Command Execution through Source Code Analysis

Cross-Site Scripting (XSS)
  - Cross-Site Scripting (XSS) through Dynamic Analysis
  - Cross-Site Scripting (XSS) through Source Code Analysis
  - Weak XSS Filter/Validation Bypass through Dynamic Analysis
  - Weak XSS Filter/Validation Bypass through Source Code Analysis
  - DOM-Based XSS through Source Code Analysis
  - HTML5 Specific XSS

Cross-Site Request Forgery (XSRF) through Source Code Analysis

File Inclusion
  - Local File Inclusion (LFI) through Dynamic Analysis
  - Remote File Inclusion (RFI) through Dynamic Analysis
  - Local File Inclusion (LFI) through Source Code Analysis
  - Remote File Inclusion (RFI) through Source Code Analysis
  - File Manipulation through Source Code Analysis

NoSQL Injection
  - NoSQL Injection through Dynamic Analysis (Error-Based)
  - NoSQL Injection through Dynamic Analysis (Time-Based)
  - NoSQL Injection through Source Code Analysis
  - NoSQL Injection in MongoDB

SQL Injection
  - SQL Injection through Dynamic Analysis (Error-Based)
  - SQL Injection through Dynamic Analysis (Blind)
  - SQL Injection through Dynamic Analysis (Time-Based)
  - SQL Injection through Source Code Analysis
  - SQL Injection through Source Code Analysis (HQL)

Code Injection
  - Code Injection through Dynamic Analysis (Print-Based)
  - Code Injection through Dynamic Analysis (Time-Based)
  - Code Injection through Source Code Analysis
  - Code Injection in ASP Classic
  - Code Injection in ASP.NET
  - Code Injection in Java/JSP
  - Code Injection in Lua (Nginx, Apache, CGI-Lua, etc)
  - Code Injection in Perl
  - Code Injection in PHP
  - Code Injection in Python
  - Code Injection in Ruby
  - Code Injection in Server-Side JavaScript

Source Code Disclosure
  - Source Code Disclosure through Injection
  - Source Code Disclosure through Content Analysis
  - Source Code Disclosure (ASP Classic)
  - Source Code Disclosure (ASP.NET)
  - Source Code Disclosure (Java/JSP)
  - Source Code Disclosure (Lua)
  - Source Code Disclosure (Perl)
  - Source Code Disclosure (PHP)
  - Source Code Disclosure (SSI)

Extension Checking
  - Double Extension Checking
  - Common Backup Extensions

Structure Brute Force
  - Admin Pages
  - Common Backup Files
  - Common Backup Folders
  - Database Disclosure
  - Old/Backup Files

Common Form Weaknesses
  - Email Form Hijacking
  - Hidden Price Form Field
  - AutoComplete Enabled (in sensitive form inputs)
  - Unencrypted Credit Card Transaction

Denial-of-Service (DoS)
  - Client-Side Denial-of-Service
  - Denial-of-Service through Injection
  - Denial-of-Service through Source Code Analysis
  - Buffer Overflow

Multiple Disclosure Vulnerabilities
  - Common Exposures
  - Hardcoded Sensitive Information through Source Code Analysis
  - Logging of Sensitive Information through Source Code Analysis
  - Local Storage Usage through Source Code Analysis
  - Sensitive Data Stored in Local Storage through Source Code Analysis
  - Sensitive Information Client-Side through Source Code Analysis
  - Information Disclosure through Injection
  - Information Disclosure through Content Analysis
  - Information Disclosure through Source Code Analysis
  - Internal IP Address Disclosure
  - Path Disclosure through Injection
  - Path Disclosure through Content Analysis
  - Directory Listing
  - Web Technology Disclosures
  - Suspicious HTML Comments

Log Forging
  - Log Forging through Source Code Analysis

XPath Injection
  - XPath Injection through Dynamic Analysis
  - XPath Injection through Source Code Analysis

LDAP Injection
  - LDAP Injection through Dynamic Analysis
  - LDAP Injection through Source Code Analysis

Unvalidated Redirects
  - Unvalidated Redirects through Dynamic Analysis
  - Unvalidated Redirects through Source Code Analysis

CRLF Header Injection
  - CRLF Header Injection through Dynamic Analysis
  - CRLF Header Injection through Source Code Analysis

Expression Language (EL) Injection
Cookie Manipulation
Cross Frame Scripting
Dangerous Methods
Default Content
Directory Traversal
HTTP Header Injection through Source Code Analysis
Server-Specific Vulnerabilities in IIS, iPlanet & Others
Server-Side Request Forgery (SSRF) through Dynamic Analysis
Server-Side Request Forgery (SSRF) through Source Code Analysis
Server-Side Includes (SSI) Injection
Client-Side Request Forgery (CSRF) through Source Code Analysis
XML Injection through Dynamic Analysis
XML Injection through Source Code Analysis

XML External Entity (XXE) Injection
  - XML External Entity (XXE) Injection through Dynamic Analysis
  - XML External Entity (XXE) Injection through Source Code Analysis

Security Misconfiguration through Source Code Analysis

Known Vulnerable Apps
  - Outdated Vulnerable Scripts through Source Code Analysis
  - Known Vulnerable Apps (Apache Struts)
  - Known Vulnerable Apps (ASP Classic)
  - Known Vulnerable Apps (ASP.Net)
  - Known Vulnerable Apps (ColdFusion)
  - Known Vulnerable Apps (Dynamic HTML)
  - Known Vulnerable Apps (Flash)
  - Known Vulnerable Apps (Java / JSP)
  - Known Vulnerable Apps (Perl)
  - Known Vulnerable Apps (Python)
  - Known Vulnerable Apps (Ruby)
  - Known Vulnerable Apps (SSI)
  - Known Vulnerable Apps (IIS)
Supported server-side languages (DAST)
  - ASP (Classic)
  - ASP.Net
  - Java / JSP
  - JavaScript
  - Lua
  - Perl
  - PHP
  - Python
  - Ruby

Supported server-side languages (SAST)
  - ASP Classic (VBScript & JavaScript)
  - ASP.Net (C# & VB.Net)
  - Java (JEE / JSP)
  - JavaScript (Client and Server-Side, Node.js, Angular, AngularJS, Express.js & Koa.js)
  - Lua (ngx_lua, mod_lua, CGILua & Lua Pages)
  - Perl
  - PHP
  - Python (CGI, Django, mod_python & WSGI)
  - Ruby (Rails & ERB)
  - TypeScript (Client and Server-Side, Node.js & Angular)

Supported languages (mobile)
  - Java (Android)
  - Swift (iOS)
  - Objective-C, C & C++ (iOS)
  - JavaScript (including Node.js, Angular, AngularJS, Express.js & Koa.js)

Supported databases (SQL injection detection)
  - Access
  - DB2
  - dbx
  - Firebird/InterBase
  - FrontBase
  - Informix
  - Ingres
  - MariaDB / MySQL
  - MaxDB
  - mSQL
  - Oracle
  - Ovrimos
  - PostgreSQL
  - SQL Server
  - SQLite
  - Swish
  - Sybase