Business Communication
Project Evaluation
Pay for Expenses
Security Audit
Issue a Report
| Serial Number | Audit Class | Audit Subclass |
|---|---|---|
| 1 | Open Source Intelligence Gathering | Whois information collection |
| | | Real IP discovery |
| | | Subdomain detection |
| | | Mail service detection |
| | | Certificate information collection |
| | | Web services component fingerprint collection |
| | | Port service component fingerprint collection |
| | | C-segment service discovery |
| | | Personnel structure collection |
| | | GitHub source code leak discovery |
| | | Google hacking detection |
| | | Privacy leak discovery |
| 2 | App Security Audit | App environment testing audit |
| | | Code decompilation detection |
| | | File storage security detection |
| | | Communication encryption detection |
| | | Permissions detection |
| | | Interface security test |
| | | Business security test |
| | | WebKit security test |
| | | App cache security detection |
| | | App WebView DOM security test |
| | | SQLite storage security audit |
| 3 | Server Security Configuration Audit | CDN service detection |
| | | Network infrastructure configuration test |
| | | Application platform configuration management test |
| | | File extension resolution test |
| | | Backup and unlinked file test |
| | | Management interface enumeration test |
| | | HTTP method test |
| | | HTTP Strict Transport Security (HSTS) test |
| | | Web front-end cross-domain policy test |
| | | Web security response header test |
| | | Weak password and default password detection |
| | | Management back-end discovery |
| 4 | Node Security Audit | Node configuration security detection |
| | | Node data synchronization security detection |
| | | Node transaction security audit |
| | | Node communication security detection |
| | | Node open source code security audit |
| 5 | Identity Management Audit | Role definition test |
| | | User registration process test |
| | | Account rights change test |
| | | Account enumeration test |
| | | Weak username policy test |
| 6 | Authentication and Authorization Audit | Password information encrypted transmission test |
| | | Default password test |
| | | Account lockout mechanism test |
| | | Authentication bypass test |
| | | Remember-password function test |
| | | Browser cache test |
| | | Password policy test |
| | | Security question test |
| | | Password reset test |
| | | OAuth authentication model test |
| | | Privilege escalation test |
| | | Authorization bypass test |
| | | Two-factor authentication bypass test |
| | | Hash robustness test |
| 7 | Session Management Audit | Session management bypass test |
| | | Cookie attribute test |
| | | Session fixation test |
| | | Session token leak test |
| | | Cross Site Request Forgery (CSRF) test |
| | | Logout function test |
| | | Session timeout test |
| | | Session token overload test |
| 8 | Input Security Audit | Cross Site Scripting (XSS) test |
| | | Template injection test |
| | | Third-party component vulnerability test |
| | | HTTP parameter pollution test |
| | | SQL injection test |
| | | XML external entity (XXE) injection test |
| | | Deserialization vulnerability test |
| | | SSRF vulnerability test |
| | | Code injection test |
| | | Local file inclusion test |
| | | Remote file inclusion test |
| | | Command execution injection test |
| | | Buffer overflow test |
| | | Format string test |
| 9 | Business Logic Audit | Interface security test |
| | | Request forgery test |
| | | Integrity test |
| | | Overtime detection |
| | | Interface frequency limit test |
| | | Workflow bypass test |
| | | Application misuse protection test |
| | | Unexpected file type upload test |
| | | Malicious file upload test |
| 10 | Cryptographic Security Audit | Weak SSL/TLS encryption, insecure transport layer protection test |
| | | SSL pinning security deployment test |
| | | Non-encrypted channel transmission of sensitive data test |
| 11 | Hot Wallet Architecture Security Audit | - |
| 12 | Private Key Management System Security Audit | - |