To comply with the Policy on Minimum Security Standard for Web Applications, ITSC has set up a Web Application Vulnerability Assessment service for departments. This service is especially useful to colleagues during the development cycle, or when testing open-source applications and applications developed by third parties. The assessment acts as a hacker would: it probes your application for possible security vulnerabilities and attempts to exploit them using popular hacking techniques such as cross-site scripting and SQL injection, as listed in the Open Web Application Security Project (OWASP) Top Ten. A comprehensive assessment report is then produced for you with suggestions on how to fix the vulnerabilities found. A sample report is available.
The web application must pass this vulnerability assessment before its production launch and again after any major change to the application. The assessment is passed only if NO critical vulnerability is found.
Available to
Departments
Service Charge and Application
Free; application required.
Please email infosec@cuhk.edu.hk to obtain the "Application Form for Web Application Vulnerability Assessment".
Once all the information required by the application form has been received, the assessment will start as soon as our scanner is available.
The duration of the assessment depends on several factors:
structure and complexity of the application,
performance of the web server to be scanned,
number of user roles in the application; the maximum scanning window for each user role is 7 days,
etc.
Please note that if the application has multiple user roles, the scan tasks cannot be run concurrently, since running them in parallel usually degrades the performance of the web server being scanned.
If any critical vulnerability is found in an assessment, it must be fixed and a reassessment scheduled; this repeats until no critical vulnerability is found.
The scanners used for the assessment actively attack your application, which could damage its files and/or database. Please therefore ensure the following before the scan task is started:
Prepare a testing / development environment, populated with a small amount of test data, for the assessment.
Reserve enough time for the assessment, especially when multiple user roles are involved in the application.
Back up all data and source code before the scan, and confirm that the backup can be restored properly if necessary.
DO NOT use production / real data, especially real email address(es), since the scan task could trigger the application to send out emails.