Processing Flow
Business Communication
Project Evaluation
Pay for Expenses
Security Audit
Issue a Report
Exchange Security Audit Program
| Serial Number | Audit Class | Audit Subclass |
|---|---|---|
| 1 | Open Source Intelligence Gathering | Whois information collection |
| Real IP discovery | ||
| Subdomain detection | ||
| Mail service detection | ||
| Certificate information collection | ||
| Web services component fingerprint collection | ||
| Port service component fingerprint collection | ||
| Segment C service acquisition | ||
| Personnel structure collection | ||
| GitHub source code leak locating | ||
| Google Hack detection | ||
| Discovery of the privacy leaked | ||
| 2 | App Security Audit | App environment testing audit |
| Code decompilation detection | ||
| File storage security detection | ||
| Communication encryption detection | ||
| Permissions detection | ||
| Interface security test | ||
| Business security test | ||
| WebKit security test | ||
| App cache security detection | ||
| App Webview DOM security test | ||
| SQLite storage security audit | ||
| 3 | Server Security Configuration Audit | CDN service detection |
| Network infrastructure configuration test | ||
| Application platform configuration management test | ||
| File extension resolution test | ||
| Backup, unlinked file test | ||
| Enumerate management interface test | ||
| HTTP method test | ||
| HTTP strict transmission test | ||
| Web front-end cross-domain policy test | ||
| Web security response head test | ||
| Weak password and default password detection | ||
| Management background discovery | ||
| 4 | Node Security Audit | Node configuration security detection |
| Node data synchronization security detection | ||
| Node transaction security audit | ||
| Node communication security detection | ||
| Node open source code security audit | ||
| 5 | Identity Management Audit | Role definition test |
| User registration process test | ||
| Account rights change test | ||
| Account enumeration test | ||
| Weak username strategy testing | ||
| 6 | Certification and Authorization Audit | Password information encrypted transmission test |
| Default password test | ||
| Account lockout mechanism test | ||
| Certification bypass test | ||
| Password memory function test | ||
| Browser cache test | ||
| Password strategy test | ||
| Security quiz test | ||
| Password reset test | ||
| OAuth authentication model test | ||
| Privilege escalation test | ||
| Authorization bypass test | ||
| Two-factor authentication bypass test | ||
| Hash robustness test | ||
| 7 | Session Management Audit | Session management bypass test |
| Cookies property test | ||
| Session fixation test | ||
| Session token leak test | ||
| Cross Site Request Forgery (CSRF) test | ||
| Logout function test | ||
| Session timeout test | ||
| Session token overload test | ||
| 8 | Input Security Audit | Cross Site Scripting (XSS) test |
| Template injection test | ||
| Third-party component vulnerability test | ||
| HTTP parameter pollution test | ||
| SQL injection test | ||
| XXE entity injection test | ||
| Deserialization vulnerability test | ||
| SSRF vulnerability test | ||
| Code injection test | ||
| Local file contains test | ||
| Remote file contains test | ||
| Command execution injection test | ||
| Buffer overflow test | ||
| Formatted string test | ||
| 9 | Business Logic Audit | Interface security test |
| Request forgery test | ||
| Integrity test | ||
| Overtime detection | ||
| Interface frequency limit test | ||
| Workflow bypass test | ||
| Application misuse protection test | ||
| Unexpected file type upload test | ||
| Malicious file upload test | ||
| 10 | Cryptographic Security Audit | Weak SSL/TLS encryption, insecure transport layer protection test |
| SSL pinning security deployment test | ||
| Non-encrypted channel transmission of sensitive data test | ||
| 11 | Hot Wallet Architecture Security Audit | - |
| 12 | Private Key Management System Security Audit | - |
